db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Thalamati <suresh.thalam...@gmail.com>
Subject Re: corrupt disk io storage factory for testing.
Date Fri, 15 Apr 2005 23:00:41 GMT
Hi David,

I  Don't quite understand how making few internal class constructors 
puiblic poses security risk, guess I need  to
do some more reading in this area. In the existing code anyone can 
instantiate the disk storage factory and use it:
package org.apache.derby.impl.io:
public class DirStorageFactory extends BaseStorageFactory  implements 
WritableStorageFactory

Does the above class definition poses any security risks  ? 

My guess is it does not because there are no privelaged blocks inside  
this factory implementation.  Derby Raw Store
accesses the  DirStoreageFactory class methods under priveleged blocks 
when needed. 

Thanks
-suresh

David Van Couvering wrote:

> Maybe I'm missing something, but isn't making internal classes public 
> an inherent security risk?  Unless these APIs do security checks 
> (authorization checks of an authenticated user), then they shouldn't 
> be public, IMHO.  This is especially risky given that Derby supports 
> server-side Java...
>
> Thanks,
>
> David
>
> Suresh Thalamati wrote:
>
>>
>> Hi,
>>
>>  I  am looking at  creating a new corruptible storage factory by 
>> extending the engine's disk storage factory.
>>  Purpose of this is to do explicitly corrupt the  IO and do some 
>> recovery testing.  Thought ideal place
>>  for the corruptible storage factory is to be in the test code 
>> utilities not in the code line.  But  I ran into a simple obstacle ,
>>  constructors in the  org.apache.derby.impl.io.DirFile etc are 
>> package protected. So I am  unable to extend the disk storage
>>  factory classes successfully .
>>
>>  I was  wondering  if  there was any reason for not making 
>> constructors public or it was just that there was not requirement to 
>> do ?
>>  If no one has any objections I would like  to  modify them to be 
>> accessible outside  org.apache.derby.impl.io.*  package ?
>>
>> Thanks
>> -suresht
>>
>>
>



Mime
View raw message