> On Jun 10, 2016, at 4:33 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > On 06/09/2016 10:32 PM, Mandy Chung wrote: >> Hi Claes, >> >> I don’t like the PropertiesWrapper idea. The caller should be >> cautious in storing any sensitive information. For the system >> properties, these callsites use it in the local scope that I don’t >> see any reason and benefit to introduce a wrapper. I didn’t follow >> this discussion closely and I may miss some reason ? > > The original code used multiple calls to System.getProperty wrapped in a > doPrivileged. Claes' first iteration of the fix changed this to use a > GetPropertyAction.privilegedGetProperties method that returned a Properties > object. I expressed a concern that this was now exposing an object that, if > accidentally leaked to untrusted code could cause much more damage than the > original code (since the code would be able to set/get/remove *any* system > property). Hence the current fix which uses a wrapper class which is not > exported.
I actually see the original code is clearer to the reader and involves one single doPrivileged. I would avoid introducing PropertiesWrapper which I don’t think it’s the right way to protect security information. Sean may suggest to revert to the original code which I won’t object. Mandy
