Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 122DF112E3 for ; Thu, 3 Jul 2014 19:10:34 +0000 (UTC) Received: (qmail 45905 invoked by uid 500); 3 Jul 2014 19:10:33 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 45866 invoked by uid 500); 3 Jul 2014 19:10:33 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 45851 invoked by uid 99); 3 Jul 2014 19:10:33 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Jul 2014 19:10:33 +0000 Date: Thu, 3 Jul 2014 19:10:33 +0000 (UTC) From: "Rick Hillegas (JIRA)" To: derby-dev@db.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (DERBY-6648) Application code should not be able to call ContextService.getContextOrNull() MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DERBY-6648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14051829#comment-14051829 ] Rick Hillegas commented on DERBY-6648: -------------------------------------- Linking to DERBY-6616 since this issue was discovered while studying that bug. > Application code should not be able to call ContextService.getContextOrNull() > ----------------------------------------------------------------------------- > > Key: DERBY-6648 > URL: https://issues.apache.org/jira/browse/DERBY-6648 > Project: Derby > Issue Type: Bug > Components: Services > Affects Versions: 10.11.0.0 > Reporter: Rick Hillegas > > By calling ContextService.getContextOrNull() (and its relatives), application code can get its hands on all sorts of internal Derby contexts, factories, and managers. This allows application code to bypass SQL authorization checks and perform sensitive or data-corrupting actions. > For instance, right now an application can use this method to get its hands on the language connection context. From the lcc, the application can get its hands on the data dictionary and the execution transaction. Armed with those objects, the application can bypass authorization checks and create schema objects, users, and permissions. > Only Derby code should be able to call this powerful method. -- This message was sent by Atlassian JIRA (v6.2#6252)