db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2331) Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace except for public apis.
Date Tue, 13 Feb 2007 17:30:05 GMT
Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace
except for public apis.
------------------------------------------------------------------------------------------------------------------

                 Key: DERBY-2331
                 URL: https://issues.apache.org/jira/browse/DERBY-2331
             Project: Derby
          Issue Type: Improvement
          Components: Security
            Reporter: Daniel John Debrunner
         Assigned To: Daniel John Debrunner
             Fix For: 10.3.0.0


Since Derby is open source, (obviously) contains the code to read database files, and is
modular, the potential exists that routines could utilize code on the classpath to read/modify
database information directly, bypassing SQL-level security.

Derby is a special case here as it is known that Derby code will be on the classpath and that
it will have the correct permissions to read/write database files.

Existing routines from upgraded databases will fail at execute time when they try to resolve
such classes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
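
An added sketch of the restriction the issue proposes, not part of the original message and not Derby's own code: a class loader for installed-jar code that refuses to resolve names in org.apache.derby.* unless they fall under a public API package. The class name `InstalledJarLoaderSketch`, the allow-list contents and the sample class names are assumptions; the message does not enumerate the public APIs.

```java
// Added illustration, not Derby's implementation.
public class InstalledJarLoaderSketch extends ClassLoader {
    private static final String ENGINE_NAMESPACE = "org.apache.derby.";

    // Assumed allow-list of public API packages (not taken from the message).
    private static final String[] PUBLIC_API_PREFIXES = {
        "org.apache.derby.jdbc.",
        "org.apache.derby.vti."
    };

    public InstalledJarLoaderSketch(ClassLoader parent) {
        super(parent);
    }

    // True when the name is inside the engine namespace but outside the public API.
    static boolean isBlocked(String className) {
        if (!className.startsWith(ENGINE_NAMESPACE)) {
            return false;
        }
        for (String prefix : PUBLIC_API_PREFIXES) {
            if (className.startsWith(prefix)) {
                return false;
            }
        }
        return true;
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        // Reject before delegating: the parent loader can see the engine classes
        // on the classpath, so delegation alone would hand them to the routine.
        if (isBlocked(name)) {
            throw new ClassNotFoundException(name + " is not resolvable from installed jars");
        }
        return super.loadClass(name, resolve);
    }

    public static void main(String[] args) {
        // Constructed sample names; the impl class name is hypothetical.
        String[] names = {
            "java.lang.String",
            "org.apache.derby.jdbc.EmbeddedDriver",
            "org.apache.derby.impl.store.HypotheticalPageReader"
        };
        for (String name : names) {
            System.out.println(name + " -> " + (isBlocked(name) ? "blocked" : "allowed"));
        }
    }
}
```

A routine that references a blocked class fails when the reference is resolved, which matches the note above that existing routines from upgraded databases will fail at execute time.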

