db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kathey Marsden <kmarsdende...@sbcglobal.net>
Subject Re: Security Manager Testing coverage if user code does not have access to the database directory
Date Wed, 09 Aug 2006 17:25:21 GMT
Daniel John Debrunner wrote:

> someone (I
>think you) had already prepared it by running the network server under
>the security manager.
>
>  
>
You know since you brought this up, I have an ancient history question 
for you.    I did put that in many years ago.
At the time I  thought network server offered a good framework for 
testing  under security manager because we could start the server with 
restricted permissions and then get  some security manager coverage for 
Derby embedded through Network Server.    As you started working on 
bringing embedded on-line and getting the specific jar permissions 
separated, you had indicated that really the old network server testing  
didn't add much in terms of coverage, but I was always very confused by 
that, because looking back at the policy file, I see that permissions 
were restricted on the server side and I do recall the effort popping 
several bugs.  Still, I think I must have a core misunderstanding of  
security manager and wonder if you might be willing to elaborate your 
assessment  for my edification.

Thanks

Kathey




Mime
View raw message