db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myrna van Lunteren (JIRA)" <j...@apache.org>
Subject [jira] Closed: (DERBY-2331) Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace except for public apis.
Date Sat, 07 Jul 2007 17:10:04 GMT

     [ https://issues.apache.org/jira/browse/DERBY-2331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Myrna van Lunteren closed DERBY-2331.
-------------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 10.3.1.0)
                   10.3.1.1

> Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace
except for public apis.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2331
>                 URL: https://issues.apache.org/jira/browse/DERBY-2331
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Daniel John Debrunner
>            Assignee: Daniel John Debrunner
>             Fix For: 10.3.0.0, 10.3.1.1
>
>
> Since Derby is open source and (obviously) contains the code to read database files and
is modular the potential exists that routines could utilize code on the classpath to read/modify
database information directly, bypassing SQL level security.
> Derby is a special case here as it is known that Derby code will be on the classpath
and that it will have the correct permissions to read/write database files.
> Existing routines from upgraded databases will fail at execute time when they try to
resolve such classes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message