RFR: 8155039: Simplify code to setup SSLContextImpl and TrustManagerFactoryImpl

Mandy Chung mandy.chung at oracle.com
Fri Jun 10 18:13:40 UTC 2016


> On Jun 10, 2016, at 4:33 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 06/09/2016 10:32 PM, Mandy Chung wrote:
>> Hi Claes,
>> 
>> I don’t like the PropertiesWrapper idea.  The caller should be
>> cautious in storing any sensitive information.  For the system
>> properties, these callsites use it in the local scope that I don’t
>> see any reason and benefit to introduce a wrapper.  I didn’t follow
>> this discussion closely and I may miss some reason?
> 
> The original code used multiple calls to System.getProperty wrapped in a doPrivileged. Claes' first iteration of the fix changed this to use a GetPropertyAction.privilegedGetProperties method that returned a Properties object. I expressed a concern that this was now exposing an object that, if accidentally leaked to untrusted code, could cause much more damage than the original code (since the code would be able to set/get/remove *any* system property). Hence the current fix which uses a wrapper class which is not exported.


I actually see the original code is clearer to the reader and involves one single doPrivileged. I would avoid introducing PropertiesWrapper, which I don’t think is the right way to protect security information.  Sean may suggest reverting to the original code, which I won’t object to.

Mandy
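
The exposure difference described in the quoted text, as an added Java example that is not part of this message or of the JDK change under review. `ReadOnlyView` is a hypothetical stand-in for a non-exported wrapper, and the property key is constructed for the demo.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties;

@SuppressWarnings("removal") // AccessController is deprecated in recent JDKs
public class PropertyExposureDemo {
    // Constructed key, used only by this demo.
    static final String KEY = "demo.constructed.key";

    // Per-key reads in one doPrivileged: only the String values leave the block.
    static String[] readKeys(String... keys) {
        return AccessController.doPrivileged((PrivilegedAction<String[]>) () -> {
            String[] values = new String[keys.length];
            for (int i = 0; i < keys.length; i++) {
                values[i] = System.getProperty(keys[i]);
            }
            return values;
        });
    }

    // Bulk read: the caller receives the live, mutable system Properties object.
    static Properties readAll() {
        return AccessController.doPrivileged(
                (PrivilegedAction<Properties>) System::getProperties);
    }

    // Hypothetical wrapper: narrows the same object to lookups only.
    static final class ReadOnlyView {
        private final Properties props;
        ReadOnlyView(Properties props) { this.props = props; }
        String get(String key) { return props.getProperty(key); }
    }

    public static void main(String[] args) {
        System.setProperty(KEY, "original");
        // Copied strings: changing them has no effect on the JVM-wide property.
        String[] copy = readKeys(KEY);
        copy[0] = "edited-copy";
        System.out.println("after editing copy:   " + System.getProperty(KEY));
        // Live object: any code holding the reference can set or remove properties.
        Properties live = readAll();
        live.setProperty(KEY, "edited-through-reference");
        System.out.println("after editing live:   " + System.getProperty(KEY));
        // Wrapper: holders can read through it but have no set/remove method to call.
        ReadOnlyView view = new ReadOnlyView(live);
        System.out.println("read through wrapper: " + view.get(KEY));
    }
}
```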

