db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JavaRoutineSecurity" by DanDebrunner
Date Thu, 18 Jan 2007 16:07:05 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/JavaRoutineSecurity

------------------------------------------------------------------------------
  Permission to set database classpath is limited by the permission to execute SYSCS_UTIL.SET_DATABASE_PROPERTY.
  No restriction is placed on which jar files can be added to the database classpath.
  
- In terms of the functionality described by SQL Standard Part 13 setting the database classpath
is equivalent to:
+ In terms of the functionality described by SQL Standard Part 13 setting the database classpath
is analogous to:
   * Implicitly granting USAGE to PUBLIC on any jar file listed in derby.database.classpath
-  * Implicitly setting any installed jar's classpath (See SQLJ.ALTER_JAVA_PATH) to the value
of derby.database.classpath.
+  * Implicitly setting any installed jar's classpath (See SQLJ.ALTER_JAVA_PATH) to the value
of `derby.database.classpath`.
+ 
+ The analogy breaks down when a class exists in multiple installed jars. E.g. assume an entry
point class references a class `Next` and `Next` exists in multiple jars on `derby.database.classpath`.
With Derby `Next` will be resolved from the first jar in `derby.database.classpath`. With
the SQL Standard rules `Next` would first be resolved from the jar the entry point came from.
Thanks to Rick Hillegas for pointing this out.
  
  == Potential Security Risks ==
  
@@ -130, +132 @@

   * Any user can create a Java routine against a public static method in DBCP and thus can
exploit any '''potential''' security risks described by APPJARBUG.
   * Installed jars can contain (malicious) code that can exploit '''potential''' security
risks described by JREBUG, CPBUG, DERBYBUG or APPJARBUG.
  === Improving Java Routine Security in 10.3 onwards ===
+ Discussion and issue tracking is under [http://issues.apache.org/jira/browse/DERBY-2206
DERBY-2206].
  To reduce the '''potential''' security risks these steps could be taken:
  || '''What''' || '''Jira''' || '''Description''' ||
  |||||| These reduce security vulnerabilities and allow behaviour to match 10.2 ||

Mime
View raw message