Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.9k views
in Technique[技术] by (71.8m points)

security - System.setProperty is safe in java?

In java to pass the values between some classes we can use System.setProperty. But using System.getProperties() we can get all the system properties. So if i use any third party API's means they can also access my properties and also they can change. SO is System.setProperty safe ?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It depends what you mean by safe.

  1. It is good practice1 treat the System Properties object as read only, but you can't rely on 3rd-party libraries to do that.

  2. If you are worried about "trusted" 3rd-party code seeing or changing your application's properties, don't use System Properties to represent them. Create your own Properties object and put your properties there. This is probably the simplest approach overall.

  3. If you use sandboxing, you can prevent untrusted code from access the System Properties ... provided that your code doesn't leak the System Properties object to the untrusted code. (The access checks are implemented in the System methods ...)

  4. A Properties object is thread-safe ... if you are referring to that kind of safety.


1 - Occasionally it is necessary to modify system properties programmatically. However, you can end up with fragile applications by doing this. The system properties are typically used to configure JVM services during the initialization. If the order of class initialization changes for some reason, you could find that your application code is now setting the properties too late. If possible, it is better to set the properties via -D command line parameters.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...