db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Issue Comment Deleted] (DERBY-6648) Application code should not be able to call ContextService.getContextOrNull()
Date Fri, 19 Sep 2014 15:03:33 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas updated DERBY-6648:
    Comment: was deleted

(was: Attaching derby-6741-01-aa-usederbyinternals.diff. This patch guards this method with
a check for usederbyinternals permission. I am running tests now.

I could not make the method private because it is used by EmbedXAResource.

Touches the following files:


M       java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M       java/engine/org/apache/derby/jdbc/EmbedXAResource.java

Add check for usederbyinternals.


M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/ConstraintCharacteristicsTest.java
M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/NewOptimizerOverridesTest.java
M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/resultSetReader.policy

Corresponding changes to tests.


M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java

New test to verify that user code can't call EmbedConnection.getContextManager().

> Application code should not be able to call ContextService.getContextOrNull()
> -----------------------------------------------------------------------------
>                 Key: DERBY-6648
>                 URL: https://issues.apache.org/jira/browse/DERBY-6648
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions:
>            Reporter: Rick Hillegas
>         Attachments: derby-6648-01-aa-oneActionList.diff, derby-6648-01-ab-rototill1.diff,
derby-6648-01-ad-rototill1.diff, derby-6648-01-ae-regressionTests.diff, releaseNote.html
> By calling ContextService.getContextOrNull() (and its relatives), application code can
get its hands on all sorts of internal Derby contexts, factories, and managers. This allows
application code to bypass SQL authorization checks and perform sensitive or data-corrupting
> For instance, right now an application can use this method to get its hands on the language
connection context. From the lcc, the application can get its hands on the data dictionary
and the execution transaction. Armed with those objects, the application can bypass authorization
checks and create schema objects, users, and permissions.
> Only Derby code should be able to call this powerful method.

This message was sent by Atlassian JIRA

View raw message