db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Logan (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-4996) Security: Add a new Derby Java Option to specify the location of the derby.properties to a different folder than the databases.
Date Wed, 02 Feb 2011 18:17:29 GMT
Security: Add a new Derby Java Option to specify the location of the derby.properties to a
different folder than the databases.
-------------------------------------------------------------------------------------------------------------------------------

                 Key: DERBY-4996
                 URL: https://issues.apache.org/jira/browse/DERBY-4996
             Project: Derby
          Issue Type: Improvement
          Components: Network Server
         Environment: N/A
            Reporter: Doug Logan
            Priority: Minor


Presently the derby.properties file is found based on:
-Dderby.system.home

This is also the location where the databases are stored.

As a result for Java Security you have to enable read/write/delete within this folder and
all sub-folders to allow normal operations for databases. In doing so you are granting read/write/delete
on the derby.properties file.

If a vulnerability was ever found in the derby.jar that allowed arbitrary writing of files
an attacker could then overwrite the derby.properties file to create additional users, or
otherwise change the configuration to get access to more data.

If the derby.properties file could exist in a different folder than the databases you could
configure your Java Security file not to allow this file to be overwritten or changed. This
would then protect a key configuration file.

I understand there are additional ways to secure data in a database, but this should be a
very small change that would give a lot more options as far as security is concerned.


-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message