https://bz.apache.org/bugzilla/show_bug.cgi?id=59661
--- Comment #11 from Michael Osipov <1983-01...@gmx.net> --- (In reply to Mark Thomas from comment #10) > (In reply to Michael Osipov from comment #9) > > The problem with copying is that you may missed custom attributes for custom > > providers. Though, being an edge cases, still valid. > > Those would have to be set explicitly on the factory. I think that would default the simplicity of the factory. Especially that most properties apply per provider/protocol. > > The other point is that if your Mail does not have a Session associated, > > Transport with create a default one with the System Properties set. Deating > > your security concern by default. Have a look at the source code and you > > will see it. > > I did look and that code is not inside a privileged block so it can't bypass > the SecurityManager. > > My position remains unchanged from that set out in comment #8. You are right. It is done in a lower level. Is ssing the SecurityManager in the session factory a way to go or still a leakage? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
