RFR JDK-8066709 Make some JDK system properties read only

Roger Riggs Roger.Riggs at Oracle.com
Wed Jun 27 13:41:28 UTC 2018


Hi Sean,

Updated webrev:
http://cr.openjdk.java.net/~rriggs/webrev-static-property-8066709/index.html

I added the suggested text and updated the class level warning to match.

Thanks, Roger


On 6/27/2018 6:58 AM, Sean Mullan wrote:
> I think it is worth putting a stronger warning in each of the methods 
> (and not just the class description) of StaticProperty that additional 
> care should be taken when using these methods since there is no 
> SecurityManager check. For example:
>
>
> "<strong>{@link SecurityManager#checkPropertyAccess} is NOT checked
> in this method. The caller of this method should take care to ensure 
> that the returned property is not made accessible to untrusted code."
>
> --Sean
>
> On 6/26/18 10:10 PM, Roger Riggs wrote:
>> Hi,
>>
>> Updated webrev:
>>
>> http://cr.openjdk.java.net/~rriggs/webrev-static-property-8066709/index.html 
>>
>>
>> Applied changes from prior comments and dropped a change no longer 
>> needed due
>> to the TLS 1.3 removal of ClientKeyExchangeService.java.
>>
>> The CSR has been approved without possibly confusing @implNote in 
>> System.getProperties
>> about caching of specific properties, including java.home, etc.
>>
>> Thanks for any additional comments.
>>
>> Roger
>>
>>
>>
>> On 6/19/18 11:52 AM, Brent Christian wrote:
>>> On 6/19/18 8:08 AM, Roger Riggs wrote:
>>>>>
>>>>> * src/java.base/share/classes/java/lang/System.java :
>>>>>
>>>>> Should the @implNote with the list of cached properties be added 
>>>>> everywhere the @apiNote is being added ?  Right now the @implNote 
>>>>> is only added to getProperties().
>>>>>
>>>> The repetition was getting tiresome and the base of all the 
>>>> xxxProperties methods is getProperties.
>>>>   Joe suggested having one copy of the full information  and 
>>>> referring to that from the individual @apiNotes.
>>>
>>> Fair enough.
>>>
>>>>> * src/java.base/share/classes/jdk/internal/util/StaticProperty.java :
>>>>>
>>>>>   45     private StaticProperty() {
>>>>>   46
>>>>>   47     }
>>>>>
>>>>> Maybe put this all on one line?
>>>>>
>>>> Will do
>>>
>>> Thanks,
>>> -Brent
>>>
>>
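
The pattern discussed in this thread, as an added illustration that is not part of the messages above and not the JDK's StaticProperty source: a property value snapshotted at class initialization stays fixed after a later System.setProperty, and the accessor makes no access check of its own. The class name CachedProps, its methods and the tampered path are hypothetical.

```java
import java.util.Objects;

// Hypothetical illustration class; NOT jdk.internal.util.StaticProperty.
public final class CachedProps {

    // Snapshot taken once, at class initialization, before any later
    // System.setProperty call can alter what callers see.
    private static final String JAVA_HOME = snapshot("java.home");

    private CachedProps() {}

    private static String snapshot(String key) {
        // Fail at initialization rather than hand out null later.
        return Objects.requireNonNull(System.getProperty(key),
                () -> "missing system property: " + key);
    }

    /**
     * Returns the value captured at initialization.
     * No property-access check is made here, so the caller must ensure
     * the returned value is not made accessible to untrusted code.
     * Package-private to keep the set of callers small and reviewable.
     */
    static String javaHome() {
        return JAVA_HOME;
    }

    public static void main(String[] args) {
        String original = javaHome();

        // Constructed value standing in for a later modification of the
        // live property table.
        System.setProperty("java.home", "/constructed/tampered/path");
        try {
            // The live lookup follows the modification ...
            System.out.println("System.getProperty: " + System.getProperty("java.home"));
            // ... while the snapshot still holds the startup value.
            System.out.println("cached snapshot   : " + javaHome());
            if (!original.equals(javaHome())) {
                throw new AssertionError("snapshot changed after setProperty");
            }
        } finally {
            // Restore the live property so the demo leaves no side effect.
            System.setProperty("java.home", original);
        }
    }
}
```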


