db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (DERBY-6521) Improve error handling when restricting file permissions
Date Wed, 23 Apr 2014 13:02:17 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6521?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Knut Anders Hatlen resolved DERBY-6521.

       Resolution: Fixed
    Fix Version/s:

> Improve error handling when restricting file permissions
> --------------------------------------------------------
>                 Key: DERBY-6521
>                 URL: https://issues.apache.org/jira/browse/DERBY-6521
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For:
>         Attachments: d6521-1a.diff, d6521-1b.diff
> In DERBY-6503 there was some discussion about changing how errors are handled when Derby
fails to restrict the file permissions.
> There seemed to be consensus that Derby should raise an exception if the user had explicitly
requested (by setting derby.storage.useDefaultFilePermissions=false) that it should try to
restrict file permissions. Currently, it only raises an error on non-posix file systems that
support access control lists.
> In the case were the user has not explicitly requested restriction of file permissions,
two options have been suggested:
> 1) Raise an exception
> 2) Don't raise an exception, possibly print a warning in derby.log
> Option 1 is the more secure one, since it forces the user to make a decision on how to
handle a possible security problem (either by addressing the underlying cause of the failure,
so that permissions can be successfully restricted by Derby, or by disabling the file restriction
> Option 2 is the more backward compatible one, since it gracefully falls back to the pre-10.10/pre-Java
7 behaviour if it cannot restrict the file permissions.

This message was sent by Atlassian JIRA

View raw message