db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2330) Disallow user-defined SQL routines to resolve to entry points (methods in classes) in the org.apache.derby.* namespace
Date Tue, 13 Feb 2007 17:26:05 GMT
Disallow user-defined SQL routines to resolve to entry points (methods in classes) in the org.apache.derby.* namespace
----------------------------------------------------------------------------------------------------------------------

                 Key: DERBY-2330
                 URL: https://issues.apache.org/jira/browse/DERBY-2330
             Project: Derby
          Issue Type: Improvement
          Components: Security, SQL
            Reporter: Daniel John Debrunner
         Assigned To: Daniel John Debrunner
             Fix For: 10.3.0.0


Disallowing routines from accessing Derby code directly stops the potential of remote code
exploiting any security holes in Derby.

Derby code can be seen as a special case since it is known that the Derby code will be on
the classpath.

Disallowing such routines makes security analysis easier and safer rather than trying to guarantee
every public static method in Derby can not expose secured information.

Routines in existing applications (in upgraded databases) that map to such Derby methods will
fail at execute time.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
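
The following is an added example, not part of the original message and not Derby's own implementation: a pre-upgrade audit that flags routine definitions whose EXTERNAL NAME resolves into the org.apache.derby.* namespace, which is the set of routines the issue says will fail at execute time. The class `DerbyNamespaceAudit`, the sample routine names and the class `org.apache.derby.example.Internal` are hypothetical, and the optional parenthesised signature after the method name is an assumption about the EXTERNAL NAME format.

```java
// Added example (not Derby code): find routine definitions that map to
// entry points inside the org.apache.derby.* namespace.
public class DerbyNamespaceAudit {

    // The trailing dot matters: "org.apache.derbytools.Util" is a different
    // package and must not be treated as part of the reserved namespace.
    static final String RESERVED_PREFIX = "org.apache.derby.";

    /** Returns the class part of an EXTERNAL NAME of the form class.method[(signature)]. */
    static String className(String externalName) {
        String s = externalName.trim();
        // Cut an optional signature first: its parameter types contain dots
        // (e.g. java.lang.String) that would confuse the class/method split.
        int paren = s.indexOf('(');
        if (paren >= 0) {
            s = s.substring(0, paren);
        }
        int lastDot = s.lastIndexOf('.');
        if (lastDot <= 0) {
            throw new IllegalArgumentException("not class.method: " + externalName);
        }
        return s.substring(0, lastDot);
    }

    /** True when the routine's entry point is a method of a class in org.apache.derby.*. */
    static boolean resolvesIntoDerby(String externalName) {
        return className(externalName).startsWith(RESERVED_PREFIX);
    }

    public static void main(String[] args) {
        // Constructed sample definitions: {routine name, EXTERNAL NAME value}.
        String[][] routines = {
            {"APP.MAX_OF",    "java.lang.Math.max(int,int)"},
            {"APP.PEEK",      "org.apache.derby.example.Internal.call"},
            {"APP.LOOKALIKE", "org.apache.derbytools.Util.run(java.lang.String)"},
        };
        for (String[] r : routines) {
            String verdict = resolvesIntoDerby(r[1]) ? "WILL FAIL" : "ok";
            System.out.printf("%-14s %-52s %s%n", r[0], r[1], verdict);
        }
    }
}
```

Only `APP.PEEK` is flagged; the look-alike package and the signature containing `java.lang.String` are both classified correctly.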

