
What is wrong when using System.set property in java?

In my Java program, I'm using System.set property, and it's working fine. But in my whole project, I'm not using any System.get property. But when I use the HP Fortify tool, it's showing a bug as Setting Manipulation. I set the property like this: System.setProperty("java.net.useSystemProxies", "true"); Is this the wrong way to use it? If so, can anybody guide me?

Manipulating system settings from the Java code is a potential security issue. See the description of the alert here. Here's a brief extract of the document:

ABSTRACT

Allowing external control of system settings can disrupt service or cause an application to behave in unexpected ways.

EXPLANATION

Setting manipulation vulnerabilities occur when an attacker can control values that govern the behavior of the system, manage specific resources, or in some way affect the functionality of the application.

Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control.
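
An added example, not part of the original post or of the Fortify documentation: it contrasts passing an externally supplied key and value straight to System.setProperty with restricting the call to an allow-list. The class name, method names, allow-list contents and sample inputs are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

public class ProxySettings {
    // Assumed allow-list: the only properties this application lets callers change,
    // each with the exact values it accepts.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
        "java.net.useSystemProxies", Set.of("true", "false"));

    // Pattern the extract warns about: key and value come from outside the program
    // and reach System.setProperty unchecked, so the caller controls JVM-wide settings.
    static void applyUnchecked(String key, String value) {
        System.setProperty(key, value);
    }

    // Hardened form: reject any key or value that is not on the allow-list.
    static boolean applyChecked(String key, String value) {
        if (key == null || value == null) {
            return false;
        }
        Set<String> allowedValues = ALLOWED.get(key);
        if (allowedValues == null || !allowedValues.contains(value)) {
            return false;
        }
        System.setProperty(key, value);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for request parameters or config entries.
        String[][] samples = {
            {"java.net.useSystemProxies", "true"},
            {"java.net.useSystemProxies", "maybe"},
            {"http.proxyHost", "proxy.example.invalid"},
        };
        for (String[] s : samples) {
            System.out.printf("%s=%s -> %s%n", s[0], s[1],
                applyChecked(s[0], s[1]) ? "applied" : "rejected");
        }
    }
}
```

Only the first sample is applied; the unknown value and the key outside the allow-list are both rejected before they reach System.setProperty.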
