In java to pass the values between some classes we can use System.setProperty. But using System.getProperties() we can get all the system properties. So if i use any third party API's means they can also access my properties and also they can change. SO is System.setProperty safe ?
解决方案
It depends what you mean by safe.
It is good practice1 treat the System Properties object as read only, but you can't rely on 3rd-party libraries to do that.
If you are worried about "trusted" 3rd-party code seeing or changing your application's properties, don't use System Properties to represent them. Create your own Properties object and put your properties there. This is probably the simplest approach overall.
If you use sandboxing, you can prevent untrusted code from access the System Properties ... provided that your code doesn't leak the System Properties object to the untrusted code. (The access checks are implemented in the System methods ...)
A Properties object is thread-safe ... if you are referring to that kind of safety.
1 - Occasionally it is necessary to modify system properties programmatically. However, you can end up with fragile applications by doing this. The system properties are typically used to configure JVM services during the initialization. If the order of class initialization changes for some reason, you could find that your application code is now setting the properties too late. If possible, it is better to set the properties via -D command line parameters.
在java中传递某些类之间的值,我们可以使用System.setProperty。但是使用System.getProperties()我们可以获得所有系统属性。因此,如果我使用任何第三方API意味着他们也可以访问我的属性,他们也可以更改。那么System.setProperty安全吗?
解决方案
这取决于您的安全意义。
优良作法 1 将系统属性对象视为只读,但您不能依赖第三方库来执行此操作。
如果您担心看到或更改应用程序属性的可信第三方代码,请不要使用系统属性来表示它们。创建自己的Properties对象并将属性放在那里。这可能是最简单的方法。
如果使用沙盒,可以防止不受信任的代码访问系统属性...前提是您的代码没有t将系统属性对象泄漏到不受信任的代码。 (访问检查在系统方法中实现...)
一个Properties对象是线程-safe ...如果你指的是那种安全。
1 - 有时需要以编程方式修改系统属性。但是,通过执行此操作,您最终可能会遇到脆弱的应用程序。系统属性通常用于在初始化期间配置JVM服务。如果类初始化的顺序由于某种原因而改变,您可能会发现您的应用程序代码现在设置属性太晚了。如果可能,最好通过 -D 命令行参数设置属性。