In an application I've worked on, we let users export preferences (colors and such) from the java preferences system to an xml file and later re-import those preferences. This is mostly useful for users who want to transfer prefs from one machine to another.
Exporting is done by Preferences.exportSubtree(OutputStream).
This exports only the preferences from the sub-node used by our program.
Importing uses Preferences.import(InputStream).
This works fine. But I'm worried that this could be abused. There is nothing preventing the user from importing preferences that would affect the way some OTHER java program runs.
Say that I work for a company called "Clamazon". My preferences are stored (by convention) under "com/clamazon". I can easily restrict my export so that I am only exporting preferences stored under "com/clamazon". But if a malicious users alters the xml file, they could then cause the import to affect preferences under any preferences node they wish, such as "org/mozilla/firefox". Assuming that Firefox was a Java program and that it actually stored information in "org/mozilla/firefox", this could then affect they way Firefox behaved.
Since Java is normally such a safe language, this apparent security hole bothers me.
Should I simply not worry about this, since nothing important should be stored in java preferences? Or should I try to build some system to pre-process the input stream to remove anything outside of the "/com/clamazon" node before sending the input stream on to Preferences.import() ?
Exporting is done by Preferences.exportSubtree(OutputStream).
This exports only the preferences from the sub-node used by our program.
Importing uses Preferences.import(InputStream).
This works fine. But I'm worried that this could be abused. There is nothing preventing the user from importing preferences that would affect the way some OTHER java program runs.
Say that I work for a company called "Clamazon". My preferences are stored (by convention) under "com/clamazon". I can easily restrict my export so that I am only exporting preferences stored under "com/clamazon". But if a malicious users alters the xml file, they could then cause the import to affect preferences under any preferences node they wish, such as "org/mozilla/firefox". Assuming that Firefox was a Java program and that it actually stored information in "org/mozilla/firefox", this could then affect they way Firefox behaved.
Since Java is normally such a safe language, this apparent security hole bothers me.
Should I simply not worry about this, since nothing important should be stored in java preferences? Or should I try to build some system to pre-process the input stream to remove anything outside of the "/com/clamazon" node before sending the input stream on to Preferences.import() ?