db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3083) Network server demands a file called "derbynet.jar" in classpath
Date Fri, 30 Nov 2007 14:20:44 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547151 ]

Rick Hillegas commented on DERBY-3083:
--------------------------------------

Hi Knut. I agree that if someone has subverted getProtectionDomain(), then the fox is already
in the hen house. I think this could be our sequence of operations:

1) Determine the protection domains (e.g. jar files) which will receive privileges.

2) Construct a DerbyPolicy from those protection domains.

3) Install the default SecurityManager with a dummy policy which lets us change policies immediately afterwards.

4) Install the DerbyPolicy (Policy.setPolicy( derbyPolicy ) )

If there is a window of vulnerability, then I sense that it would lie between steps (3) and
(4). However, I don't see a vulnerability right now.

> Network server demands a file called "derbynet.jar" in classpath
> ----------------------------------------------------------------
>
>                 Key: DERBY-3083
>                 URL: https://issues.apache.org/jira/browse/DERBY-3083
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.3.1.4
>            Reporter: Aaron Digulla
>         Attachments: derby-3083-01-requireDerbynet-aa.diff, derby-3083-01-requireDerbynet-ab.diff, derby-716-10-datatypesCollation-aa.diff
>
>
> The network server will not start if the derbynet jar is added under a different name than "derbynet.jar" to the classpath. This makes it impossible to use it in maven projects where the jar is renamed to "derbynet-10.3.1.4.jar".
> This did work with 10.2.2.0

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
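
The four-step sequence in the comment above, as an added Java sketch that is not part of the original message and is not Derby's code. `DerbyPolicySketch` is a hypothetical stand-in for the DerbyPolicy the comment names, and the sketch assumes a JDK on which the Security Manager can still be installed (it is deprecated since Java 17).

```java
import java.security.*;
import java.util.*;

// Added sketch, not Derby code. DerbyPolicySketch is a hypothetical stand-in for
// the DerbyPolicy named above. Trust is keyed on where a class was loaded from
// (its code-source location), not on a jar file name such as "derbynet.jar".
public class DerbyPolicySketch extends Policy {
    private final Set<String> trusted = new HashSet<String>();
    private final Permission granted;

    DerbyPolicySketch(Collection<ProtectionDomain> domains, Permission granted) {
        for (ProtectionDomain pd : domains) {
            String loc = locationOf(pd);
            if (loc != null) trusted.add(loc);
        }
        this.granted = granted;
    }

    static String locationOf(ProtectionDomain pd) {
        CodeSource cs = (pd == null) ? null : pd.getCodeSource();
        return (cs == null || cs.getLocation() == null)
                ? null : cs.getLocation().toExternalForm();
    }

    @Override
    public boolean implies(ProtectionDomain pd, Permission p) {
        String loc = locationOf(pd);
        return loc != null && trusted.contains(loc) && granted.implies(p);
    }

    public static void main(String[] args) {
        // Step 1: the protection domains that will receive privileges
        // (assumption: only the domain this class itself was loaded from).
        List<ProtectionDomain> domains =
                Collections.singletonList(DerbyPolicySketch.class.getProtectionDomain());
        // Step 2: build the real policy before any security manager exists.
        Policy derbyPolicy = new DerbyPolicySketch(domains, new AllPermission());
        // Step 3: bootstrap policy that grants the same domains setPolicy only,
        // then install the default SecurityManager.
        Policy.setPolicy(new DerbyPolicySketch(domains, new SecurityPermission("setPolicy")));
        System.setSecurityManager(new SecurityManager());
        // Between steps 3 and 4 this sketch's policy grants only the policy swap.
        // Step 4: replace the bootstrap policy with the real one.
        Policy.setPolicy(derbyPolicy);
        System.out.println("policy installed: " + (Policy.getPolicy() == derbyPolicy));
    }
}
```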

