On 11/13/18 8:11 PM, Weijun Wang wrote:
Confused. Aren't all Security properties security-related? This is not about
normal system properties.
Although probably not that common, an application could create their own
security properties, ex: Security.setProperty("security.myPassword",
"abc123");
We want to avoid logging those. We just want to record changes to the
JDK security properties.
And the method name in the latest webrev is "isSecurityProperty" without the
"JDK" word. I assume this means you don't care about the difference between SE properties
and JDK properties.
Hmm, I was reviewing v7, and the name was changed in v8. I think
isJdkSecurityProperty method is a better name.
--Sean
--Max
On Nov 14, 2018, at 2:53 AM, Sean Mullan <sean.mul...@oracle.com> wrote:
* src/java.base/share/classes/java/security/Security.java
The isJdkSecurityProperty method could return false positives, for example there may be a
non-JDK property starting with "security.". I was thinking it would be better
to put all the JDK property names in a HashSet which is populated by the static
initialize() method, and only if event logging is enabled. Then setProperty can just
check if the property name is in this set.
