Bug 21197 - SMTPAppender needs only one property but reads too many
Summary: SMTPAppender needs only one property but reads too many
Status: RESOLVED INVALID
Alias: None
Product: Log4j - Now in Jira
Classification: Unclassified
Component: Appender (show other bugs)
Version: 1.2
Hardware: All All
: P3 normal
Target Milestone: ---
Assignee: log4j-dev
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-06-30 19:23 UTC by Phillip Qin
Modified: 2004-12-13 07:07 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Phillip Qin 2003-06-30 19:23:14 UTC 
SMTPAppender reads all of the system properties in method activateOptions in 
order to setup mail service. This is not necessary because only property 
mail.smtp.host is required.

There is a potential security issue when Java Security Manager is enabled. In 
policy file, the specific codeBase has to be granted PropertyPermission of read 
and write for all system properties.

This bug was found when starting Tomcat with -security.
Comment 1 Yoav Shapira 2004-12-13 16:07:30 UTC 
Actualy, additional properties may be used, including provider-specific mail-
related system properties.  For example, user and password credentials, or 
additional mail factory configuration details, may be specified as system 
properties.  These are passed to the mail Session constructor as the JavaMail 
API recommended.  So mail.smtp.host is not the only property used, and in fact 
we cannot know in advance the set of properties that will be used.