Set security for Process object in java

Posted 2019-03-04 13:53

Question:

Can someone tell me how I can restrict System properties from being accessed through a process object? If I run the following piece of code through a process object, can I throw security exceptions?

System.getProperty("user.home");

Please enlighten me about how to configure security for a process object.

In the ProcessBuilder class documentation, under the environment method, it is written:

A system may not allow modifications to environment variables or may forbid certain variable names or values.

So please let me know how to forbid certain variable values.

Updated: So suppose I am using a Java web application and giving the client side a platform to code. Then how do I configure Java security separately for the Java web application and for the client-side application? (As I will never want to restrict the web application from getting any System property, whereas I must restrict the client side from using these commands because of application vulnerability.)

Answer 1:

Create your own security manager and check access for some properties

public class MySecurityManager extends SecurityManager {

    // Called by System.getProperty(key) before the value is returned.
    @Override
    public void checkPropertyAccess(String key) throws SecurityException {
        if (key != null && key.equals("some.forbidden_value")) {
            throw new SecurityException("some message");
        }
        // Defer every other key to the default policy check.
        super.checkPropertyAccess(key);
    }
}

And somewhere else in your code attach your security manager:

System.setSecurityManager( new MySecurityManager() );
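
For the ProcessBuilder part of the question, the following is an added example (not code from the answer above) that starts the client-side code in a child JVM with an allowlisted environment and an overridden user.home, which also works on JDKs where SecurityManager is deprecated for removal (Java 17 and later, JEP 411). The class name SandboxedLaunch, the allowlist contents and the placeholder path /nonexistent are assumptions; Java 9 or later is assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class SandboxedLaunch {
    // Constructed allowlist: the only environment variables the child may inherit.
    private static final Set<String> ALLOWED_ENV = Set.of("PATH", "LANG", "SystemRoot");

    // Build a child-JVM launcher whose environment and user.home are controlled by the parent.
    static ProcessBuilder restricted(String mainClass) {
        String java = Paths.get(System.getProperty("java.home"), "bin", "java").toString();
        ProcessBuilder pb = new ProcessBuilder(List.of(
                java,
                "-Duser.home=/nonexistent",          // placeholder: child sees this, not the real home
                "-cp", System.getProperty("java.class.path"),
                mainClass, "child"));
        Map<String, String> env = pb.environment();   // starts as a copy of the parent's environment
        env.clear();                                  // drop secrets, tokens, proxy settings, etc.
        for (String name : ALLOWED_ENV) {
            String value = System.getenv(name);       // case-insensitive lookup on Windows
            if (value != null) {
                env.put(name, value);
            }
        }
        pb.redirectErrorStream(true);                 // one stream to read, avoids a blocked stderr pipe
        return pb;
    }

    public static void main(String[] args) throws IOException, InterruptedException {
        if (args.length > 0 && args[0].equals("child")) {
            // Stand-in for the untrusted client-side code: report what it can see.
            System.out.println("user.home=" + System.getProperty("user.home"));
            System.out.println("env keys=" + new TreeSet<>(System.getenv().keySet()));
            return;
        }
        Process child = restricted(SandboxedLaunch.class.getName()).start();
        String output = new String(child.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        System.out.println("child exit code=" + child.waitFor());
        System.out.print(output);
    }
}
```

This controls only what the parent hands to the child; the child process still runs with the operating-system privileges of the account that launched it.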