>>>>> "Gary" == Gary Benson <gbenson@xxxxxxxxxx> writes:

>> The reason there is still a lot of code that uses System.getProperty()
>> is either historical (i.e. SystemProperties was introduced after
>> that code was written) or because the author was unaware of
>> SystemProperties. We've not been as careful about this as we maybe
>> should be.

Gary> The Mauve tests I am writing should cover every method that's
Gary> documented as performing security tests on a property, so don't
Gary> worry about accidentally writing something insecure: I ought to
Gary> catch it in the next few weeks.

I think the issue here is what happens when some random piece of
Classpath is run in an environment with a security manager. In this
case, the theory goes, we could get security failures where they ought
not occur. So, we end up using SystemProperties and PrivilegedAction
all over the place...

IOW the security tests are testing that we properly call the security
manager in every place we're required to. This is great and definitely
necessary. But, it won't catch this failure mode, which is that we're
calling the security manager, and being rejected, when that ought not to
happen.

Honestly I still wonder whether this is really correct -- it just seems
too heavy. But I have not investigated it in a real way, so I'm just
spouting off here.

Tom