JDK-8155775 : Re-examine naming of privileged methods to access System properties
- Type: Enhancement
- Component: security-libs
- Sub-Component: java.security
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- OS: generic
- CPU: generic
- Submitted: 2016-04-29
- Updated: 2016-05-12
- Resolved: 2016-05-03
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 9 |
|---|
9 b118Fixed  |
Related Reports
|
Blocks :
|
|
|
Blocks :
|
|
|
Relates :
|
Description
JDK-8154231 introduced GetPropertyAction.getProperty et al, and after some discussion it was suggested to alter these methods to better indicate that calling these methods is performing a privileged action: GetPropertyAction.getProperty -> privilegedGetProperty GetPropertyAction.getProperties -> privilegedGetProperties GetIntegerAction.getProperty -> privilegedGetProperty Also a note should be added to all methods: "Note that this method performs a doPrivileged using caller-provided inputs. The caller of this method should take care to ensure that the inputs are not tainted and the returned property is not made accessible to untrusted code if it contains sensitive information."