Alexey Varlamov wrote:
> Boris, for the security-sensitive applications, there is appropriate
> guard in place:
>
> public SecurityManager() {
> SecurityManager security = System.getSecurityManager();
> if (security != null) {
>
> security.checkPermission(RuntimePermission.permissionToCreateSecurityManager);
>
> }
> Class<?> type = Security.class; // initialize Security properties
> if (type == null) {
> throw new AssertionError();
> }
> }
>
> I believe this is enough. In fact if the code has enough privileges to
> modify such principal system properties, there might be even more
> severe problems...
I agree.
Regards,
Tim
--
Tim Ellison ([EMAIL PROTECTED])
IBM Java technology centre, UK.
