Return-Path: 
 <derby-dev-return-30015-apmail-db-derby-dev-archive=db.apache.org@db.apache.org>
Delivered-To: apmail-db-derby-dev-archive@www.apache.org
Received: (qmail 41635 invoked from network); 18 Sep 2006 10:01:46 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 18 Sep 2006 10:01:46 -0000
Received: (qmail 55997 invoked by uid 500); 18 Sep 2006 10:01:45 -0000
Delivered-To: apmail-db-derby-dev-archive@db.apache.org
Received: (qmail 55965 invoked by uid 500); 18 Sep 2006 10:01:45 -0000
Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:derby-dev-help@db.apache.org>
List-Unsubscribe: <mailto:derby-dev-unsubscribe@db.apache.org>
List-Post: <mailto:derby-dev@db.apache.org>
List-Id: <derby-dev.db.apache.org>
Reply-To: <derby-dev@db.apache.org>
Delivered-To: mailing list derby-dev@db.apache.org
Received: (qmail 55931 invoked by uid 99); 18 Sep 2006 10:01:45 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Sep 2006 03:01:45 -0700
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Sep 2006 03:01:40 -0700
Received: from brutus (localhost [127.0.0.1])
	by brutus.apache.org (Postfix) with ESMTP id A3F1C7142F4
	for <derby-dev@db.apache.org>; Mon, 18 Sep 2006 09:57:27 +0000 (GMT)
Message-ID: <4022046.1158573447667.JavaMail.jira@brutus>
Date: Mon, 18 Sep 2006 02:57:27 -0700 (PDT)
From: "Kristian Waagan (JIRA)" <derby-dev@db.apache.org>
To: derby-dev@db.apache.org
Subject: [jira] Updated: (DERBY-1656) Define & implement directory structure
 for JUnit tests to allow clear separation of security access for derby
 testing and product jar files.
In-Reply-To: <6109198.1155142634329.JavaMail.jira@brutus>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

     [ http://issues.apache.org/jira/browse/DERBY-1656?page=all ]

Kristian Waagan updated DERBY-1656:
-----------------------------------

        Summary: Define & implement directory structure for JUnit tests to allow clear separation of security access for derby testing and product jar files.  (was: Define & implement direcory structure for JUnit tests to allow clear separation of security access for derby tetsing and product jar files.)
    Description: 
Discussion in this thread highlights the risk with the current (old test harness) approach of granting access to the testing code (the user application) to read the database files themselves.

http://mail-archives.apache.org/mod_mbox/db-derby-dev/200608.mbox/%3c44D9EB37.6020503@sbcglobal.net%3e

Policy suggested is:

${derby.system.home}
Access only given to derby.jar/derbynet.jar, derbytools should not be
reading files in the system home, derbytesting should only be able to
access limited files, such as derby.log and derby.properties. The value
of derby.system.home must not fall under any of the following folders,
e.g. for the default case ${user.dir}/dsh would be good.

${user.dir}/databases
   All databases created under this folder when derby.system.home is not
set, access would only be granted to derby.jar

${user.dir}/extin,extout,extinout
   Access granted as today

${user.dir}/tests
   Folder test scripts, fail logs etc. permissions granted to
derbytesting, maybe derbytools but not derby.jar & derbynet.jar


Note that ideally tests should not be written to assume anything about the database name or its location, that way we could have multiple sets of Junit tests running in parallel, e.g. one against database  'wombat1' in ${derby.system.home}, one against  databases/wombat2 in ${user.dir}.
Eventually the same would apply for multiple derby systems in different classloaders (DERBY-700),  so any scheme should take these desires into account.

  was:
Discussion in this thread highlights the risk with the current (old test harness) approach of granting access to the testing code (the user application) to read the database files themselves.

http://mail-archives.apache.org/mod_mbox/db-derby-dev/200608.mbox/%3c44D9EB37.6020503@sbcglobal.net%3e

Policy suggested is:

${derby.system.home}
Access only given to derby.jar/derbynet.jar, derbytools should not be
reading files in the system home, derbytesting should only be able to
access limited files, such as derby.log and derby.properties. The value
of derby.system.home must not fall under any of the following folders,
e.g. for the default case ${user.dir}/dsh would be good.

${user.dir}/databases
   All databases created under this folder when derby.system.home is not
set, access would only be granted to derby.jar

${user.dir}/extin,extout,extinout
   Access granted as today

${user.dir}/tests
   Folder test scripts, fail logs etc. permissions granted to
derbytesting, maybe derbytools but not derby.jar & derbynet.jar


Note that ideally tests should not be written to assume anything about the database name or its location, that way we could have multiple sets of Junit tests running in parallel, e.g. one against database  'womba1t' in ${derby.system.home}, one against  databases/wombat2 in ${user.dir}.
Eventually the same would apply for multiple derby systems in different classloaders (DERBY-700),  so any scheme should take these desires into account.


Fixed a few typos; buggy fingers or a buggy T key on the keyboard :)

> Define & implement directory structure for JUnit tests to allow clear separation of security access for derby testing and product jar files.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1656
>                 URL: http://issues.apache.org/jira/browse/DERBY-1656
>             Project: Derby
>          Issue Type: Improvement
>          Components: Test
>            Reporter: Daniel John Debrunner
>
> Discussion in this thread highlights the risk with the current (old test harness) approach of granting access to the testing code (the user application) to read the database files themselves.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200608.mbox/%3c44D9EB37.6020503@sbcglobal.net%3e
> Policy suggested is:
> ${derby.system.home}
> Access only given to derby.jar/derbynet.jar, derbytools should not be
> reading files in the system home, derbytesting should only be able to
> access limited files, such as derby.log and derby.properties. The value
> of derby.system.home must not fall under any of the following folders,
> e.g. for the default case ${user.dir}/dsh would be good.
> ${user.dir}/databases
>    All databases created under this folder when derby.system.home is not
> set, access would only be granted to derby.jar
> ${user.dir}/extin,extout,extinout
>    Access granted as today
> ${user.dir}/tests
>    Folder test scripts, fail logs etc. permissions granted to
> derbytesting, maybe derbytools but not derby.jar & derbynet.jar
> Note that ideally tests should not be written to assume anything about the database name or its location, that way we could have multiple sets of Junit tests running in parallel, e.g. one against database  'wombat1' in ${derby.system.home}, one against  databases/wombat2 in ${user.dir}.
> Eventually the same would apply for multiple derby systems in different classloaders (DERBY-700),  so any scheme should take these desires into account.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira