RFR JDK-8066709 Make some JDK system properties read only
Sean Mullan
sean.mullan at oracle.com
Wed Jun 27 10:58:53 UTC 2018
I think it is worth putting a stronger warning in each of the methods
(and not just the class description) of StaticProperty that additional
care should be taken when using these methods since there is no
SecurityManager check. For example:
"<strong>{@link SecurityManager#checkPropertyAccess} is NOT checked
in this method. The caller of this method should take care to ensure
that the returned property is not made accessible to untrusted code."
--Sean
On 6/26/18 10:10 PM, Roger Riggs wrote:
> Hi,
>
> Updated webrev:
>
> http://cr.openjdk.java.net/~rriggs/webrev-static-property-8066709/index.html
>
>
> Applied changes from prior comments and droped a change no longer needed
> due
> to the TLS 1.3 removal of ClientKeyExchangeService.java.
>
> The CSR has been approved without possibly confusing @implNote in
> System.getProperties
> about caching of specific properties, including java.home, etc.
>
> Thanks for any additional comments.
>
> Roger
>
>
>
> On 6/19/18 11:52 AM, Brent Christian wrote:
>> On 6/19/18 8:08 AM, Roger Riggs wrote:
>>>>
>>>> * src/java.base/share/classes/java/lang/System.java :
>>>>
>>>> Should the @implNote with the list of cached properties be added
>>>> everywhere the @apiNote is being added ? Right now the @implNote is
>>>> only added to getProperties().
>>>>
>>> The repetition was getting tiresome and the base of all the
>>> xxxProperties methods is getProperties.
>>> Joe suggested having one copy of the full information and
>>> referring to that from the individual @apiNotes.
>>
>> Fair enough.
>>
>>>> * src/java.base/share/classes/jdk/internal/util/StaticProperty.java :
>>>>
>>>> 45 private StaticProperty() {
>>>> 46
>>>> 47 }
>>>>
>>>> Maybe put this all on one line?
>>>>
>>> Will do
>>
>> Thanks,
>> -Brent
>>
>
More information about the core-libs-dev
mailing list