db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2206) Provide complete security model for Java routines
Date Fri, 19 Jan 2007 17:24:30 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466107

Daniel John Debrunner commented on DERBY-2206:

SYS.JRE - Right, I was thinking about that this morning and it ities into the other thread
about bootclasspath and the ability to tell if a class is on the bootclasspath. I think SYS.JRE
really means any class on the boot class path, but currently the decision needs to be made
before the class is loaded. That is decide to load from the jar classloader or delegate elsewhere.
A possible alternative is to load any class using the default mechamism and then decide if
it belongs to the JRE or not and make decisions off that.

One more factor is seeing if the statement below has been extended to all classes defined
in J2SE or continues to be just the java.* classes:

"First, the ClassLoader will not attempt to load any classes in java.* packages from over
the network. "


Possibly if the statement above continues to be true (limited to java.*) and this is sufficient
for security of the JVM then it's sufficient for Derby and SYS.JRE could just mean the java.*

> Provide complete security model for Java routines
> -------------------------------------------------
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>             Fix For:
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for user-created
objects such as Functions and Procedures. In the future this may include Aggregates and Function
Tables also. The issues are summarized on the following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
Plugin management can be tracked by this JIRA rather than by DERBY-2109. This is a master
JIRA to which subtasks can be linked.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message