db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@debrunners.com>
Subject Re: [jira] Updated: (DERBY-85) NPE when creating a trigger on a table and default schema doesn't exist.
Date Wed, 30 Nov 2005 18:17:01 GMT
Dyre.Tjeldvoll@Sun.COM wrote:
> Daniel John Debrunner <djd@debrunners.com> writes:

>>Why do you need to grant permissions to read all files for the
>>derbyTesting and junit jars?
> 
> 
> I'm sorry, but I think you need to ask the junit developers about
> that.  I don't know exactly which files junit wants to access, but the
> last error I saw (before granting read access to all files), was an
> access exception because junit was trying to read my home directory to
> figure out if there was a junit.properties file there, I think. I
> don't really understand why derbyTesting.jar needs the same access,
> but I assume it is because the Bugs class (which inherits TestCase)
> ends up there...
> 
> I guess it is possible to find the minimal set of file and property
> rights needed by junit, either by reading the junit source, or through
> trial and error, but given the comment in the policy file about not
> trying to make the test harness secure, I didn't think it was worth
> it...

Just trying to understand it. Adding broad permissions, in my mind,
increases the chance of a SecurityManager related bug being hidden.

I think derbyTesting.jar would need the permission because it is in the
calling stack of the junit code, and the junit code is not coded to use
privileged blocks. I don't think it would have anything to do with the
Bugs class, but what do you mean by it "ends up there"? Is junit copying
classes out of derbyTesting.jar?

Dan.


> 
> 
>>Why not just all files under the user.dir?
>>
>>
>>Dan.
>>
>>
> 
> 



Mime
View raw message