db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepa Remesh <drem...@gmail.com>
Subject Re: [Fwd: Re: derbynet/getCurrentProperties.java fails]
Date Tue, 18 Oct 2005 20:10:54 GMT
Sorry...missed the attachment with previous mail.

Deepa

On 10/18/05, Deepa Remesh <dremesh@gmail.com> wrote:
> On 10/17/05, Daniel John Debrunner <djd@debrunners.com> wrote:
> >
> > If the permission is not required to run the tests then it must not be
> > in the policy file. Otherwise it increases the chance that the
> > permission is being used for some other incorrect purpose by the engine
> > or network server (etc.) and thus allows bugs to be hidden.
> >
> > If some future test needs network tracing and doesn't set
> > derby.system.home then a much safer approach is for that test to set an
> > explicit tracing directory and have write permission on that directory.
> >
> > A permission such as this is much less likely to hide bugs than the
> > second more general version
> >
> > // very specific permission, less likely to be abused accidentally
> > permission java.io.FilePermission
> > "${user.dir}${/}testPropertiesTraceFiles${/}*", "write";
> >
> > // very generic permission, lots of potential to be used accidentally.
> > permission java.io.FilePermission "${user.dir}${/}*", "write";
> >
> > In the future I would like to re-work the current permissions to be more
> > specific, e.g. ensure all test databases are in
> > ${derby.system.home}/db/, this would separate out the permissions used
> > and needed  by the engine from the permssions used by the network server.
>
> Thanks Dan for explaining in detail.
>
> I did the following:
> 1. Removed write permission for ${user.dir} from derbynet.jar and
> classes directory.
> 2. Granted permission to derbynet.jar to write to ${derby.system.home}
>
> With these changes, I ran derbyall with sane jars. The test
> jdbcapi/secureUsers1.sql failed in derbynetmats and derbynetclientmats
> becasue it needs permission to write CloudLDAP.out to ${user.dir}. I
> added this permission to derbynet.jar and classes directory. After
> this change, I reran the test jdbcapi/secureUsers1.sql in all
> frameworks with both sane jars and classes. No failures.
>
> I have attached a patch for test policy file with this mail. Here is a
> summary of the patch:
> 1. Removes the following permission from derbynet.jar and classes
> directory. This is not required after the patch for DERBY-375.
> permission java.io.FilePermission "${user.dir}${/}*", "write";
>
> 2. Grants the following permission to derbynet.jar. This is required
> since tracing file location now defaults to ${derby.system.home}. The
> test derbynet/getCurrentProperties.java uses this.
> // tracing files default to derby.system.home,
> derbynet/getCurrentProperties.java
> permission java.io.FilePermission "${derby.system.home}${/}*", "write";
>
> 3. Grants the following permission to derbynet.jar and classes
> directory. This is required by the test jdbcapi/secureUsers1.sql when
> run using sane builds.
> // sane=true, jdbcapi/secureUsers1.sql
> permission java.io.FilePermission "${user.dir}${/}CloudLDAP.out", "write";
>
> Please look into this patch and commit if okay.
>
> Deepa
>

Mime
View raw message