JDK-4975882 : Reverse DNS calls in SocketPermission undesirable
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 6
  • Priority: P4
  • Status: Resolved
  • Resolution: Won't Fix
  • OS: generic,linux
  • CPU: generic,x86
  • Submitted: 2004-01-09
  • Updated: 2018-10-02
  • Resolved: 2018-10-02
Related Reports
Duplicate :  
JDK-5004073 - Impossible to use Security Manager with unstable DNS
Relates :  
JDK-7152564 - Improve CodeSource.matchLocation(CodeSource) performance
Relates :  
JDK-6237270 - Should re-evaluate where to do reverse DNS lookups
Relates :  
JDK-5108353 - The equivalent API function of Command line option -DtrustProxy is not working
Relates :  
JDK-4084543 - DNS lookup attempted even when proxy is being used behind firewall
Description
a customer has ask this question, he has a network setup in which
DNS name to address translation is ok but address to name translation
is not allowed.
in this setup he has used an applet to connect to a server and run into
a huge delay because of this code in SocketPermission.java, method
impliesIgnoreMask:

          // XXX: if all else fails, compare hostnames?
          // Do we really want this?
          if (this.cname == null) {
              this.getCanonName();
          }

          if (that.cname == null) {
->               that.getCanonName();
          }

          return (this.cname.equalsIgnoreCase(that.cname));

this line doing reverse DNS hangs for long time. since the comment says
"do we really want this", it makes me think can this be considered to
removed? we have already compared IP address above this.
Comments
To risky to change at this point without having a potentially negative impact on security and compatibility.
02-10-2018
CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mustang
29-09-2004
EVALUATION Revisit for mustang ###@###.### 2004-01-12
12-01-2004