db-derby-dev mailing list archives

From Bryan Pendleton <bpendle...@amberpoint.com>
Subject Re: what is the right way to fix the import/export security issues (DERBY-2436, DERBY-2437)?
Date Mon, 09 Jul 2007 21:39:15 GMT
> 1) try to code access privileges in the routines themselves, that is
> separate from java security manager. Basically disallow access to derby
> files by adding code logic to determine if the files being read/written
> are derby files.

Instead of trying to write this "negative" logic, figuring out
what files *oughtn't* to be written to, perhaps it would be
easier to specify things the other way, and change import/export
so that they are only capable of reading-from/writing-to a
new, well-known location, which is certain not to contain any
other files of importance.

That is, for each database, we define a new "import/export scratch space",
whose location defaults to something reasonable but can be configured
on a database-by-database basis if necessary, and import only ever
looks for files in that directory, and export only ever writes files
to that directory.
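The "positive" design sketched above, as an added illustration that is not Derby's own code: every import/export file name is resolved against one configured scratch directory, and anything that escapes it (a `..` component, an absolute path, or a symlink pointing outside) is refused before any file is opened. The class name `ScratchSpace` and the sample file names are assumptions made for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Confines import/export file access to one well-known scratch directory (hypothetical helper). */
public final class ScratchSpace {
    private final Path root;

    public ScratchSpace(Path scratchDir) throws IOException {
        // Canonicalize the root once so every later comparison is against a real path.
        this.root = scratchDir.toRealPath();
    }

    /**
     * Returns the confined path for a requested file name, or throws if the name
     * would resolve outside the scratch directory. Path.startsWith compares whole
     * components, so "/scratch2" does not pass as inside "/scratch".
     */
    public Path resolve(String fileName) throws IOException {
        // resolve() lets an absolute argument replace the root, and normalize()
        // folds ".." components; both cases fall out of the startsWith check below.
        Path candidate = root.resolve(fileName).normalize();
        if (!candidate.startsWith(root)) {
            throw new IOException("not inside scratch space " + root + ": " + fileName);
        }
        // For an existing file (the import case) follow symlinks too, so a link
        // inside the scratch directory cannot point at a file elsewhere.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(root)) {
            throw new IOException("symlink escapes scratch space " + root + ": " + fileName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample scratch space for the demonstration.
        ScratchSpace scratch = new ScratchSpace(Files.createTempDirectory("scratch-demo"));
        System.out.println("accepted: " + scratch.resolve("orders.csv"));
        for (String bad : new String[] {"../outside.txt", "/tmp/outside.txt"}) {
            try {
                scratch.resolve(bad);
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```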
