commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Lundberg (JIRA)" <j...@apache.org>
Subject [jira] Updated: (LOGGING-26) Security policy configuration, SimpleLog uses System.getProperties()
Date Tue, 29 Dec 2009 17:08:29 GMT

     [ https://issues.apache.org/jira/browse/LOGGING-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dennis Lundberg updated LOGGING-26:
-----------------------------------

    Fix Version/s: 1.0.3

> Security policy configuration, SimpleLog uses System.getProperties()
> --------------------------------------------------------------------
>
>                 Key: LOGGING-26
>                 URL: https://issues.apache.org/jira/browse/LOGGING-26
>             Project: Commons Logging
>          Issue Type: Bug
>    Affects Versions: Nightly Builds
>         Environment: Operating System: Solaris
> Platform: PC
>            Reporter: Glenn Nielsen
>             Fix For: 1.0.3
>
>
> SimpleLog uses System.getProperties to get a list of existing
> org.apache.commons.logging.* properties.
> If commons-logging is running within an application which uses
> the Java SecurityManager such as Tomcat this requires granting
> java.util.PropertyPermission "*", "read" to not only
> commongs-logging.jar, but all other jar files with classes
> on the stack.
> This makes it impossible to restrict access to reading properties
> for any API's on the stack.
> SimpleLog should get each individual property it needs separately.
> This would apply to any other code which uses System.getProperties() also.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message