Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8155775

Re-examine naming of privileged methods to access System properties

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Fixed
    • Icon: P3 P3
    • 9
    • None
    • security-libs
    • None
    • b118
    • generic
    • generic

      JDK-8154231 introduced GetPropertyAction.getProperty et al, and after some discussion it was suggested to alter these methods to better indicate that calling these methods is performing a privileged action:

      GetPropertyAction.getProperty -> privilegedGetProperty
      GetPropertyAction.getProperties -> privilegedGetProperties
      GetIntegerAction.getProperty -> privilegedGetProperty

      Also a note should be added to all methods: "Note that this method performs a doPrivileged using caller-provided inputs. The caller of this method should take care to ensure that the inputs are not tainted and the returned property is not made accessible to untrusted code if it contains sensitive information."

            redestad Claes Redestad
            redestad Claes Redestad
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: