Hi Tom,
Do you expect the fix for this issue by a) adding a doPrivileged block around
System.getProperties() or b) by adding a new class and corresponding methods
in TopLink oracle/toplink/essentials/internal/security package?
It's easy to do a), but I have a problem with option b) - it allows unauthorized
access to a malicious code: the jars under GF have all permissions, plus a
public method with doPrivileged block will block further security access
validation.
Do you see a problem if I do a) and file a separate bug for b)?
thanks,
-marina