Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 16509 invoked from network); 2 Dec 2005 01:38:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 2 Dec 2005 01:38:09 -0000 Received: (qmail 42133 invoked by uid 500); 2 Dec 2005 01:38:08 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 42099 invoked by uid 500); 2 Dec 2005 01:38:07 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 42089 invoked by uid 99); 2 Dec 2005 01:38:07 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2005 17:38:07 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [32.97.182.142] (HELO e2.ny.us.ibm.com) (32.97.182.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2005 17:39:34 -0800 Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236]) by e2.ny.us.ibm.com (8.12.11/8.12.11) with ESMTP id jB21bWnL030431 for ; Thu, 1 Dec 2005 20:37:32 -0500 Received: from d01av02.pok.ibm.com (d01av02.pok.ibm.com [9.56.224.216]) by d01relay04.pok.ibm.com (8.12.10/NCO/VERS6.8) with ESMTP id jB21bSFb108996 for ; Thu, 1 Dec 2005 20:37:32 -0500 Received: from d01av02.pok.ibm.com (loopback [127.0.0.1]) by d01av02.pok.ibm.com (8.12.11/8.13.3) with ESMTP id jB21bSPd015672 for ; Thu, 1 Dec 2005 20:37:28 -0500 Received: from [127.0.0.1] (sig-9-48-108-75.mts.ibm.com [9.48.108.75]) by d01av02.pok.ibm.com (8.12.11/8.12.11) with ESMTP id jB21bQ38015610 for ; Thu, 1 Dec 2005 20:37:27 -0500 Message-ID: <438FA555.5060408@debrunners.com> Date: Thu, 01 Dec 2005 17:37:25 -0800 From: Daniel John Debrunner User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: derby-dev@db.apache.org Subject: Re: [jira] Commented: (DERBY-668) SysInfo can give misleading information when JDBC jars are loaded from jre/lib/ext References: <356846996.1133486432942.JavaMail.jira@ajax.apache.org> In-Reply-To: <356846996.1133486432942.JavaMail.jira@ajax.apache.org> X-Enigmail-Version: 0.90.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Andrew McIntyre (JIRA) wrote: > [ http://issues.apache.org/jira/browse/DERBY-668?page=comments#action_12359113 ] > > Andrew McIntyre commented on DERBY-668: > --------------------------------------- > > Hi Dan, I was looking at the 1.3.1 javadoc at the time, it's not very specific about the security ramifications of the methods in question. oh well. > > Anyway, if we didn't have permissions to access the class, > we'd already be in trouble by the time this code was called, > since we would have already attempted to load the class to pass it into the getFileWhichLoadedClass method. No, permission to load the class is not the same as permission to read the content's of the class file, e.g. analyze its byte code. I can't (yet) find any supporting documentation that says a ClassLoader must (should?) not return information for a .class file. There are a number of Sun/Java bugs on the issue, indicating return a class file is not a good thing to do. Dan.