Makes perfect sense considering a lot of the feedback on the forums.

Owen Rubel
415-971-0976
oru...@gmail.com

On Tue, Aug 18, 2015 at 2:27 AM, Paul King <pa...@asert.com.au> wrote:
>
> Hi folks,
>
> We are planning to add the ability to set system properties via the
> @GrabConfig annotation[1]. This will allow scripts which use @Grab to
> access an Ivy/Maven repo via a proxy (e.g. using system property
> http.proxyHost) or specify a trust certificate store (using the
> javax.net.ssl.keystore system property) or set other needed system
> properties. This will use System.setProperty under the covers[2], so a
> well-defined security mechanism is in place.
>
> We don't see this proposed feature as creating any additional security
> risk since you could just as easily add such system properties when
> invoking the JVM at the command-line or have System.setProperty lines in
> your script - the only difference in the latter case is the timing since
> @Grab does its magic during class initialization and adds the grabbed jars
> to the classpath if needed, so the properties must be set before the script
> is run.
>
> While we don't believe this introduces any new risks, we thought we'd ask
> for wider feedback and see if anyone else perceives any possible security
> risk that we might not be aware of and allow us to modify the proposed
> approach[2] if needed to mitigate any such risks.
>
> Cheers, Paul.
>
> [1] https://issues.apache.org/jira/browse/GROOVY-7548
> [2] https://github.com/apache/incubator-groovy/pull/83