From 98e8b19c7bc422600a7a27819311d0059b5af2da Mon Sep 17 00:00:00 2001
From: Jesse Wilson <jessewilson@google.com>
Date: Thu, 23 Jun 2011 15:59:32 -0700
Subject: Warn about the lack of access controls for SD card HTTP caches.

Change-Id: I54adc2f9b57964e15a0fc26b719729e6087b1bda
http://b/4772280
---
 core/java/android/net/http/HttpResponseCache.java | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'core/java/android/net/http')

diff --git a/core/java/android/net/http/HttpResponseCache.java b/core/java/android/net/http/HttpResponseCache.java
index b5d64e4..5f65dfa 100644
--- a/core/java/android/net/http/HttpResponseCache.java
+++ b/core/java/android/net/http/HttpResponseCache.java
@@ -70,12 +70,15 @@ import org.apache.http.impl.client.DefaultHttpClient;
  * the hit rate, but it may also just waste filesystem space!
  *
  * <p>For some applications it may be preferable to create the cache in the
- * external storage directory. Although it often has more free space, external
- * storage is optional and&#8212;even if available&#8212;can disappear during
- * use. Retrieve the external cache directory using {@link Context#getExternalCacheDir()}. If this method
- * returns null, your application should fall back to either not caching or
- * caching on non-external storage. If the external storage is removed during
- * use, the cache hit rate will drop to zero and ongoing cache reads will fail.
+ * external storage directory. <strong>There are no access controls on the
+ * external storage directory so it should not be used for caches that could
+ * contain private data.</strong> Although it often has more free space,
+ * external storage is optional and&#8212;even if available&#8212;can disappear
+ * during use. Retrieve the external cache directory using {@link
+ * Context#getExternalCacheDir()}. If this method returns null, your application
+ * should fall back to either not caching or caching on non-external storage. If
+ * the external storage is removed during use, the cache hit rate will drop to
+ * zero and ongoing cache reads will fail.
  *
  * <p>Flushing the cache forces its data to the filesystem. This ensures that
  * all responses written to the cache will be readable the next time the
@@ -214,7 +217,7 @@ public final class HttpResponseCache extends ResponseCache implements Closeable
      */
     public void flush() {
         try {
-            delegate.getCache().flush(); // TODO: fix flush() to not throw?
+            delegate.getCache().flush();
         } catch (IOException ignored) {
         }
     }
-- 
cgit v1.1