RFR: 8301260: Add system property to toggle XML Signature secure validation mode
Sean Coffey
coffeys at openjdk.org
Fri Feb 3 10:30:53 UTC 2023
On Thu, 2 Feb 2023 17:35:14 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 953:
>>
>>> 951: # "false". Any other value for the system property is also treated as "false".
>>> 952: # If the system property is set, it supersedes the XMLCryptoContext property
>>> 953: # value.
>>
>> is is necessary to state (hint) that the system property is read once at class load time ?
>
> I think you are touching on an issue that is poorly documented across many system properties, so I'm reluctant to add something here which might lead to questions about other properties. I've always felt that unless otherwise specified, you should assume a system property is only read once.
Thanks. I guess I was trying to be a bit more cautious here given that the DOMCryptoContext.html#setProperty approach allows the same property to be set/changed at any time during runtime. I'm fine with current edits then.
-------------
PR: https://git.openjdk.org/jdk/pull/12365
More information about the security-dev
mailing list