db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nirmal Fernando <nirmal070...@gmail.com>
Subject Re: Additional Permission request to PlanExporter tool's tests
Date Sun, 11 Jul 2010 15:07:16 GMT
Thanks Kathey and Knut for pointing that out.

Knut, thank you very much for your explanation.
I'll make the code change.

On Sun, Jul 11, 2010 at 8:33 PM, Knut Anders Hatlen
<knut.hatlen@oracle.com> wrote:
> Nirmal Fernando <nirmal070125@gmail.com> writes:
>> Do I have to perform IO operations like following?
>> AccessController.doPrivileged
>>             (new java.security.PrivilegedAction() {
>>                     public Object run() {
>> //IO operations
>> }
>> }
> Yes, exactly. You only need this around the call that creates the
> FileOutputStream, not around every write() call on that stream.
>> Any documentation on this would be really nice.
> I haven't seen any document describing how to use it in Derby, but I
> think the basic rule is that any call to a method that can raise a
> SecurityException should be put inside a doPrivileged block, so that we
> don't need to grant permissions to all jars in the call
> stack.
> Unfortunately, we don't have any way to enforce this policy at build
> time, but we run the tests under a security manager with a small set of
> privileges granted to try to detect if we've missed something.
> --
> Knut Anders

Best Regards,

C.S.Nirmal J. Fernando
Department of Computer Science & Engineering,
Faculty of Engineering,
University of Moratuwa,
Sri Lanka.

View raw message