db-derby-dev mailing list archives

From Daniel John Debrunner <...@debrunners.com>
Subject Re: [jira] Commented: (DERBY-668) SysInfo can give misleading information when JDBC jars are loaded from jre/lib/ext
Date Fri, 02 Dec 2005 01:37:25 GMT
Andrew McIntyre (JIRA) wrote:

>     [ http://issues.apache.org/jira/browse/DERBY-668?page=comments#action_12359113 ]

> 
> Andrew McIntyre commented on DERBY-668:
> ---------------------------------------
> 
> Hi Dan, I was looking at the 1.3.1 javadoc at the time, it's not very specific about
> the security ramifications of the methods in question. oh well.
> 
> Anyway, if we didn't have permissions to access the class,
> we'd already be in trouble by the time this code was called,
> since we would have already attempted to load the class to pass it
> into the getFileWhichLoadedClass method.

No, permission to load the class is not the same as permission to read
the contents of the class file, e.g. analyze its byte code.

I can't (yet) find any supporting documentation that says a ClassLoader
must (should?) not return information for a .class file.

There are a number of Sun/Java bugs on the issue, indicating that returning a
class file is not a good thing to do.

Dan.
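
The distinction drawn in the message above, between being able to load a class and being able to read its class file, shown as an added example that is not part of the original email or of Derby's code. `Payload`, `HidingLoader` and `LoadVsRead` are hypothetical names, and the sketch uses a custom class loader rather than a security policy to withhold the bytes.

```java
import java.io.InputStream;
import java.net.URL;

class Payload { }  // hypothetical class used only for this demonstration

/** Hypothetical loader: defines one class itself but never exposes .class files as resources. */
class HidingLoader extends ClassLoader {
    private final String target;
    private final byte[] bytes;
    HidingLoader(ClassLoader parent, String target, byte[] bytes) {
        super(parent); this.target = target; this.bytes = bytes;
    }
    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        if (!name.equals(target)) return super.loadClass(name, resolve);  // normal delegation
        synchronized (getClassLoadingLock(name)) {
            Class<?> c = findLoadedClass(name);
            return c != null ? c : defineClass(name, bytes, 0, bytes.length);
        }
    }

    @Override
    public URL getResource(String name) {
        return name.endsWith(".class") ? null : super.getResource(name);
    }
    @Override
    public InputStream getResourceAsStream(String name) {
        return name.endsWith(".class") ? null : super.getResourceAsStream(name);
    }
}

public class LoadVsRead {
    /** True if the class's own loader will hand back the .class file it was defined from. */
    static boolean classFileVisible(Class<?> c) {
        String res = c.getName().replace('.', '/') + ".class";
        return c.getClassLoader().getResource(res) != null;
    }
    public static void main(String[] args) throws Exception {
        ClassLoader app = LoadVsRead.class.getClassLoader();
        byte[] bytes;
        try (InputStream in = app.getResourceAsStream("Payload.class")) {
            if (in == null) throw new IllegalStateException("Payload.class not on the class path");
            bytes = in.readAllBytes();  // Java 9+
        }
        Class<?> viaApp = Class.forName("Payload", false, app);
        Class<?> viaHiding = Class.forName("Payload", false, new HidingLoader(app, "Payload", bytes));
        System.out.println("app loader:    visible=" + classFileVisible(viaApp));
        System.out.println("hiding loader: loaded=" + (viaHiding != viaApp) + " visible=" + classFileVisible(viaHiding));
    }
}
```

Compile with `javac LoadVsRead.java` and run from the same directory so that `Payload.class` is on the class path. Code that locates a class's origin by asking its loader for the `.class` resource has to treat a null result as a normal outcome, not as proof that the class is absent.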


