db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-467) Restrict direct access to priviliged blocks from application code
Date Tue, 18 Jul 2006 20:41:14 GMT
     [ http://issues.apache.org/jira/browse/DERBY-467?page=all ]

Daniel John Debrunner updated DERBY-467:
----------------------------------------

    Issue Type: Improvement  (was: Bug)

> Restrict direct access to priviliged blocks from application code
> -----------------------------------------------------------------
>
>                 Key: DERBY-467
>                 URL: http://issues.apache.org/jira/browse/DERBY-467
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 10.1.1.0, 10.2.0.0
>            Reporter: Daniel John Debrunner
>         Assigned To: Daniel John Debrunner
>
> In looking at the privilged blocks in Derby  several are accessible from application
code, either as in public/protected methods and public classes. The fix for this includes:
> - making packages in the jar files sealed wherever possible
> - making classes and methods with privilged blocks  as private as possible (private or
package for methods, package for classes)
> As Derby moves towards a more client server approach (e.g. see grant/revoke) I started
to perform a security analysis of the priviliged blocks, but realised it would be easier if
I fixed the obvious problems first.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message