Bug 21197

Summary: SMTPAppender needs only one property but reads too many
Product: Log4j - Now in Jira Reporter: Phillip Qin <pqin>
Component: AppenderAssignee: log4j-dev <log4j-dev>
Status: RESOLVED INVALID    
Severity: normal    
Priority: P3    
Version: 1.2   
Target Milestone: ---   
Hardware: All   
OS: All   

Description Phillip Qin 2003-06-30 19:23:14 UTC 
SMTPAppender reads all of the system properties in method activateOptions in 
order to setup mail service. This is not necessary because only property 
mail.smtp.host is required.

There is a potential security issue when Java Security Manager is enabled. In 
policy file, the specific codeBase has to be granted PropertyPermission of read 
and write for all system properties.

This bug was found when starting Tomcat with -security.
Comment 1 Yoav Shapira 2004-12-13 16:07:30 UTC 
Actualy, additional properties may be used, including provider-specific mail-
related system properties.  For example, user and password credentials, or 
additional mail factory configuration details, may be specified as system 
properties.  These are passed to the mail Session constructor as the JavaMail 
API recommended.  So mail.smtp.host is not the only property used, and in fact 
we cannot know in advance the set of properties that will be used.