You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@commons.apache.org by bu...@apache.org on 2002/06/10 15:03:29 UTC
DO NOT REPLY [Bug 9743] New: -
Security policy configuration, SimpleLog uses System.getProperties()
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9743>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9743
Security policy configuration, SimpleLog uses System.getProperties()
Summary: Security policy configuration, SimpleLog uses
System.getProperties()
Product: Commons
Version: Nightly Builds
Platform: PC
OS/Version: Solaris
Status: NEW
Severity: Normal
Priority: Other
Component: Logging
AssignedTo: commons-dev@jakarta.apache.org
ReportedBy: glenn@apache.org
SimpleLog uses System.getProperties to get a list of existing
org.apache.commons.logging.* properties.
If commons-logging is running within an application which uses
the Java SecurityManager such as Tomcat this requires granting
java.util.PropertyPermission "*", "read" to not only
commongs-logging.jar, but all other jar files with classes
on the stack.
This makes it impossible to restrict access to reading properties
for any API's on the stack.
SimpleLog should get each individual property it needs separately.
This would apply to any other code which uses System.getProperties() also.
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>