Description of problem: Java class java.net.URL (used in "our" class ...frontend.nav.NavCache) is doing doing dns requests on "equals(Object)" and "hashCode()" method calls. This may lead to performance issues and information leakage. Version-Release number of selected component (if applicable): spacewalk-java-1.7.54-108.el5sat How reproducible: always/deterministic Steps to Reproduce: Simple code that shows this behaviour is: equals... (Example1.java) > import java.net.URL; > > public class Example1 { > > public static void main (String[] args) { > try { > URL url1 = new URL("http://www.example.com/"); > URL url2 = new URL("http://www.example.com/"); > if (url1.equals(url2)) { > System.out.println ("Yes!"); > } else { > System.out.println ("No!"); > } > } catch (Exception e) { > System.out.println(e.toString()); > } > } > } hashCode... (Example2.java) > import java.net.URL; > > public class Example2 { > > public static void main (String[] args) { > try { > URL url = new URL("http://www.example.com/"); > System.out.println("Hash is: " + url.hashCode()); > } catch (Exception e) { > System.out.println(e.toString()); > } > } > } # javac Example1.java # javac Example2.java # strace -e trace=network -f java Example1 # strace -e trace=network -f java Example2 Actual results: Thing does dns requests... ... > [pid 6522] connect(53, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(...)} ... > [pid 6522] sendto(53, "\207\33\1\0\0\1\0\0\0\0\0\0\3www\7example\3com\0\0\34\0"..., 33, MSG_NOSIGNAL, NULL, 0) = 33 > [pid 6522] recvfrom(53, "\207\33\201 .... ... Expected results: This is probably how java.net.URL is supposed to behave :-/. But we may really reconsider its use in our code. Maybe plain String or java.net.URI? Just something that does not connect to the network... Aditional info: We use this ugly beast in com.redhat.rhn.frontend.nav.NavCache.