db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2556) Code paths for db restore do not use doPrivileged-calls, causing SecurityException
Date Thu, 10 May 2007 10:30:15 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12494696

Kristian Waagan commented on DERBY-2556:

There is at least a problem in the following code in BaseDataFileFactory. Not sure how to
interpret the comment, but I think adding more doPrivileged-blocks is the right approach.
Any comments on this?

	private void restoreDataDirectory(String backupPath) 
        throws StandardException
        File bsegdir;   //segment directory in the backup
        File backupRoot = new java.io.File(backupPath);	//root dir of backup db
        /* To be safe we first check if the backup directory exist and it has
         * atleast one seg* directory before removing the current data directory.
         * This will fail with a security exception unless the database engine 
         * and all its callers have permission to read the backup directory.
        String[] bfilelist = backupRoot.list();
        if(bfilelist !=null)
            boolean segmentexist = false;
            for (int i = 0; i < bfilelist.length; i++) 
                //check if it is a  seg* directory
                    bsegdir = new File(backupRoot , bfilelist[i]);
                    if(bsegdir.exists() && bsegdir.isDirectory())
                        segmentexist = true;

> Code paths for db restore do not use doPrivileged-calls, causing SecurityException
> ----------------------------------------------------------------------------------
>                 Key: DERBY-2556
>                 URL: https://issues.apache.org/jira/browse/DERBY-2556
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions:,
>         Environment: Derby running with a security manager.
>            Reporter: Kristian Waagan
>         Assigned To: Kathey Marsden
>             Fix For:
>         Attachments: derby-2556_diff.txt, derby-2556_stat.txt
> When using 'createFrom' or 'restoreFrom' in the JDBC url to restore a database from a
backup image, a SecurityException is thrown even though the policyfile for codebase derby.jar
is correctly configured (giving Derby access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments): https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the "application-level
code", or granting the required permissions to the application codebase as well.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message