db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (DERBY-6630) Applications can use JCECipherFactory to elevate their privileges to those granted to Derby
Date Mon, 29 Sep 2014 18:55:35 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Hillegas reassigned DERBY-6630:
------------------------------------

    Assignee: Rick Hillegas

> Applications can use JCECipherFactory to elevate their privileges to those granted to Derby
> -------------------------------------------------------------------------------------------
>
>                 Key: DERBY-6630
>                 URL: https://issues.apache.org/jira/browse/DERBY-6630
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.11.1.1
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>             Fix For: 10.12.0.0
>
>         Attachments: derby-6630-01-aa-usederbyinternals.diff
>
>
> JCECipherFactory.run() performs security-sensitive operations. It is executed in a privilege
> block by the init() method, which is, in turn, executed by the public constructor. The class
> and its corresponding factory are public, which means that any code running in the same JVM
> can run this security-sensitive code with the privileges granted to Derby.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
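
The pattern described in the report, next to one common mitigation, as an added example that is not Derby's code and not the attached patch. `OpenFactory`, `GuardedFactory` and `UseInternalsPermission` are hypothetical names, and reading `user.home` stands in for the security-sensitive work.

```java
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.PrivilegedAction;

// Hypothetical classes that mirror the shape described in the report; not Derby source.
public class PrivilegedInitDemo {

    // Before: public class, public constructor -> init() -> doPrivileged(run()).
    // Any code in the JVM can trigger run() with this class's privileges.
    public static class OpenFactory implements PrivilegedAction<String> {
        private String value;
        public OpenFactory() { init(); }
        private void init() { value = AccessController.doPrivileged(this); }
        // Stand-in for the security-sensitive work.
        @Override public String run() { return System.getProperty("user.home"); }
        public String value() { return value; }
    }

    // Hypothetical permission that only trusted code would be granted in the policy.
    public static final class UseInternalsPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;
        public UseInternalsPermission() { super("demo.useInternals"); }
    }

    // After: the full call stack is checked before privileges are asserted.
    public static class GuardedFactory implements PrivilegedAction<String> {
        private String value;
        public GuardedFactory() {
            SecurityManager sm = System.getSecurityManager();
            // Must run outside doPrivileged, otherwise the check stops at this frame.
            if (sm != null) { sm.checkPermission(new UseInternalsPermission()); }
            init();
        }
        private void init() { value = AccessController.doPrivileged(this); }
        @Override public String run() { return System.getProperty("user.home"); }
        public String value() { return value; }
    }

    public static void main(String[] args) {
        // Without a security manager both succeed; under one, GuardedFactory throws
        // AccessControlException unless every caller on the stack holds the permission.
        System.out.println(new OpenFactory().value());
        System.out.println(new GuardedFactory().value());
    }
}
```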
