db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-467) Restrict direct access to priviliged blocks from application code
Date Tue, 30 Jun 2009 14:53:47 GMT

     [ https://issues.apache.org/jira/browse/DERBY-467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik updated DERBY-467:
--------------------------------

    Component/s: Miscellaneous

> Restrict direct access to priviliged blocks from application code
> -----------------------------------------------------------------
>
>                 Key: DERBY-467
>                 URL: https://issues.apache.org/jira/browse/DERBY-467
>             Project: Derby
>          Issue Type: Improvement
>          Components: Miscellaneous
>    Affects Versions: 10.1.1.0, 10.2.1.6
>            Reporter: Daniel John Debrunner
>
> In looking at the privilged blocks in Derby  several are accessible from application
code, either as in public/protected methods and public classes. The fix for this includes:
> - making packages in the jar files sealed wherever possible
> - making classes and methods with privilged blocks  as private as possible (private or
package for methods, package for classes)
> As Derby moves towards a more client server approach (e.g. see grant/revoke) I started
to perform a security analysis of the priviliged blocks, but realised it would be easier if
I fixed the obvious problems first.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message