db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: Application code inspecting Derby's embedded objects
Date Fri, 06 Jan 2006 01:44:27 GMT
Rick Hillegas wrote:

> These are useful checks. It reminds me of how vulnerable we are given
> all the ways that users can inject code into the database. A malicious
> or buggy function/procedure/aggregate/adt/vti could probably find a way
> to mount a denial of service attack. Our user documentation should point
> out the importance of tightly restricting who can inject code. As you
> note, GRANT/REVOKE will be our first line of defense.

Denial of service attacks will be the hardest to prevent. Some are easy
to prevent, such as the routine calling System.exit. Others, such as
eating up runtime resources (CPU time & memory) or throwing a
java.lang.VirtualMachineError exception, are harder to prevent.

