db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myrna van Lunteren (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2908) 10.3.1.0 / 1.1.0 Derby eclipse plugin gives security error referring to user.dir read permission because derby.system.home is set to '.'
Date Sun, 08 Jul 2007 15:47:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510981
] 

Myrna van Lunteren commented on DERBY-2908:
-------------------------------------------

After some more thinking, I realized that even though the solution to modify the plugins is
valid, we cannot do away with the user.dir read permissions...The change of the default would
only affect new projects; existing projects (that did not have the default modified, which
I would think are most) will still have the ',' as derby.system.home, thus causing the security
error without the user.dir read permission.

So, we'll live with the work-around of keeping the user.dir read permission in the default
policy, and we can implement the change to the plugin e.g. in version 10.4...
At that time, it would probably be a good idea to add functionality to the plugin to enable
editing the default policy.

I'll log a new bug, and closing this one as fixed (and roll it into the release notes).

> 10.3.1.0 / 1.1.0 Derby eclipse plugin gives security error referring to user.dir read
permission because derby.system.home is set to '.'
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2908
>                 URL: https://issues.apache.org/jira/browse/DERBY-2908
>             Project: Derby
>          Issue Type: Bug
>          Components: Eclipse Plug-in
>    Affects Versions: 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
>         Environment: eclipse 3.2.1 with derby 10.3.1.0 core plugin, ui and doc plugin
1.1.0.
>            Reporter: Myrna van Lunteren
>         Attachments: derby-2908-patchDefaultPolicy-01.diff, DERBY-2908_plugin111.diff,
DERBY-2908_plugin111.stat, derby_ecplipse_plugins_1.1.1_2908.zip
>
>
> The Derby nature sets by default -Dderby.system.home=. (set in plugins/eclipse/org.apache.derby.ui/src/org/apache/derby/ui/properties/DerbyProperties.java
and checked in plugins/eclipse/org.apache.derby.ui/src/org/apache/derby/uitl/DerbyServerUtils.java)
> With the default security policy, however, such a setting for ij & NetworkServerControl
results in a security error in ij.
> (See stack in thread: http://www.nabble.com/10.3.1.0b-eclipse-plugin---default-security-tf4030218.html)
> It's possible this is a bug in itself...
> One work around is to add the following permission to the default policy file:
> permission java.util.PropertyPermission "user.dir", "read";
> Another solution is to not set the derby.system.home to anything by default, and if it's
not set to anything, not pass on -Dderby.system.home= to the networkserver process (specifying
-Dderby.system.home= without a value fails to start networkserver).
> This would mean increasing the version of the plugins. To 1.1.1?
> Yet another thing would be to adjust the plugin to handle adjusting the security policy...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message