db-derby-user mailing list archives

From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject security-related incompatibility to be introduced by Derby 10.3
Date Mon, 04 Jun 2007 21:13:08 GMT
The upcoming release of Derby 10.3 will make networked configurations 
safer by installing a Java security manager if the user forgets to 
install one. This will happen only if the user boots the network server 
without installing a security manager. As a result, it will be harder 
for hackers to corrupt multi-user applications and shared machines. A 
new command line option will turn off this default behavior. If the 
disabling command line option is specified, then the network server will 
boot without installing a security manager just as it does today in 
release 10.2.

This added security introduces some incompatibilities between 10.3 and 
the previous 10.2 release:

1) Application startup may run a little slower as Derby performs initial 
access checks on referenced tables.

2) SecurityExceptions may occur if user-written functions and procedures 
perform sensitive operations such as file i/o and system property 
manipulation.

For more information on this security enhancement, please see the 
release note attached to http://issues.apache.org/jira/browse/DERBY-2757

Please speak up if you think that these incompatibilities will be 
intolerable.

Thanks,
-Rick
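
An added example, not part of the message above and not Derby's own code: a user-written routine of the kind item 2 describes, written so that it keeps working once a security manager is installed. The class name, property name and jar path are hypothetical, and the sketch assumes the routine's jar has no permissions until the policy entry shown in the comment is added.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical user-written routine class (names are assumptions, not Derby code).
// SQL registration, assuming the class is on the server's classpath:
//   CREATE FUNCTION READ_SETTING(NAME VARCHAR(128)) RETURNS VARCHAR(256)
//   PARAMETER STYLE JAVA NO SQL LANGUAGE JAVA
//   EXTERNAL NAME 'AuditRoutines.readSetting'
//
// Matching policy entry (constructed path), granting only what the routine needs:
//   grant codeBase "file:/opt/app/lib/routines.jar" {
//     permission java.util.PropertyPermission "app.audit.dir", "read";
//   };
public class AuditRoutines {

    // Fixed allow-list: the privileged block must never act on caller-chosen names.
    private static final Set<String> ALLOWED =
            new HashSet<String>(Arrays.asList("app.audit.dir"));

    public static String readSetting(final String name) {
        if (name == null || !ALLOWED.contains(name)) {
            throw new IllegalArgumentException("setting not exposed to SQL: " + name);
        }
        // doPrivileged ends the stack walk at this class, so only this jar's
        // grant is consulted, not the engine frames that invoked the routine.
        // Without the grant, System.getProperty throws SecurityException here.
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return System.getProperty(name);
            }
        });
    }

    // Stand-alone run without a security manager, using a constructed value.
    public static void main(String[] args) {
        System.setProperty("app.audit.dir", "/var/tmp/audit");
        System.out.println(readSetting("app.audit.dir"));
        try {
            readSetting("user.home");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```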


