db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Edited] (DERBY-5363) Tighten default permissions of DB files with >= JDK6
Date Fri, 23 Sep 2011 19:55:28 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13113692#comment-13113692
] 

Dag H. Wanvik edited comment on DERBY-5363 at 9/23/11 7:54 PM:
---------------------------------------------------------------

Kathey, the present releasenotes.html summarizes the behavior, I think. Since this is a system
level property, we make no difference between existing and new databases. If one starts the
(new) CLI server, it will treat existing and new databases the same, as well as system level
files (e.g. server trace files): all files and directories created will be restricted to the
owner. The permissions of existing files are not touched. To get the old behavior for the
CLI server the property must be used.

      was (Author: dagw):
    Kathey, the present releasenotes.html summarizes the behavior, I think. Since this is
a system level property, we make no difference between existing and new databases. If one
starts the (new) CLI server, it will treat existing and new databases the same, as well as
system level files (e.g. server trace files): all files and directories created will be restricted
to the owner. The permissions of existing files are not touched.
  
> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
>                 Key: DERBY-5363
>                 URL: https://issues.apache.org/jira/browse/DERBY-5363
>             Project: Derby
>          Issue Type: Improvement
>          Components: Miscellaneous, Services, Store
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>         Attachments: derby-5363-basic-1.diff, derby-5363-basic-1.stat, derby-5363-basic-2.diff,
derby-5363-basic-2.stat, derby-5363-basic-3.diff, derby-5363-basic-3.stat, derby-5363-full-1.diff,
derby-5363-full-1.stat, derby-5363-full-2.diff, derby-5363-full-2.stat, derby-5363-full-3.diff,
derby-5363-full-3.stat, derby-5363-full-4.diff, derby-5363-full-4.stat, derby-5363-server-1.diff,
permission-5.diff, permission-5.stat, permission-6.diff, permission-6.stat, property-table.png,
releaseNote.html, releaseNote.html, releaseNote.html, releaseNote.html, z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allows tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message