javasystem-propertiescode-security

Safer to set System property or add arguments in Java


I'm writing a program in Java 6 that needs to know the location of a properties file. Right now it is configured to do a System.getProperty to get the property file path which was added using the -D flag at runtime. I want to change it so that the property file path is added as an argument for the main method to read. My question is, are there any security implications in either configuration? If so, is one safer than the other? I have tried looking it up but have had trouble with what to search.


Solution

  • My question is, are there any security implications in either configuration? If so, is one safer than the other?

    There is no difference from a security perspective.

    However, there is big problem with the following from a security perspective.

    I'm writing a program in Java 6 ....

    Java 6 was EOL'ed in April 2013, and there have been no (public) security patches since then. Using Java 6 in a project where security is a concern is foolhardy, unless you have an Oracle Java support contract, and are diligent about security patches.