[
https://issues.apache.org/jira/browse/IGNITE-4537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15827967#comment-15827967
]
Dmitry Karachentsev commented on IGNITE-4537:
---------------------------------------------
Denis,
I suppose to filter property keys with condition:
{code}
key.startsWith("IGNITE_") || key.startsWith("java.")
|| key.startsWith("sun.") || key.startsWith("os.")
|| key.startsWith("file.") || key.startsWith("user.")
|| "path.separator".equals(key)
{code}
Is it OK or we should make it more strict and hardcode some standard properties?
> Update Notifier must not transfer system properties
> ---------------------------------------------------
>
> Key: IGNITE-4537
> URL: https://issues.apache.org/jira/browse/IGNITE-4537
> Project: Ignite
> Issue Type: Bug
> Reporter: Denis Magda
> Assignee: Dmitry Karachentsev
> Priority: Critical
> Fix For: 1.9
>
>
> Apache Ignite Update Notifier that is used for sending updates about new
> Apache Ignite versions gathers and transfers all system properties.
> The script must not do this. Instead, it has to get only those system
> properties like Java version, OS versions that are needed. Otherwise, the
> script might send sensitive information like passwords stored in the system
> properties.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
