db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew McIntyre" <mcintyr...@gmail.com>
Subject Re: [jira] Commented: (DERBY-1273) Sysinfo should print a better message when it gets Security Exceptions accessing classpath info when run under security manager
Date Sat, 06 May 2006 00:36:01 GMT
On 5/5/06, Kathey Marsden <kmarsdenderby@sbcglobal.net> wrote:
>
> I think it is really great that we are getting rid of  the
> getProtectionDomain permission requirement for sysinfo especially if
> DERBY-1272 is implemented as I hope it will be.    If  DERBY-1272 is
> implemented sysinfo will be used often in embedded security manager
> environments and in custom class-loaders where the classpath might have
> a different location than that of the jar being used.
>
> What exactly do we lose by using getResource instead of
> getProtectionDomain?  Might sysinfo ever print a wrong location?

I responded to Kathey on IRC, but I wanted to make sure this was
posted to the list. I don't think we lost anything by not using
getProtectionDomain, since in order to get the Class object to pass
into getProtectionDomain, we would essentially need the same
permissions as we need for getResource. So if we didn't have the
permission for getResource, we wouldn't have the class object to call
the code we had been using that contained getProtectionDomain.

I certainly don't think that in either case a wrong location would
appear. You might not get all the output you are expecting though if
it turns out that sysinfo in a different classloader context than
where your other derby jars are loaded. And speaking of that, I agree
it would be nice if 1272 were implemented.

andrew

Mime
View raw message