db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Server: deny connection to directories outside of known directories
Date Tue, 06 Nov 2007 13:37:48 GMT
Daniel Noll wrote:
> Hi all.
>
> Is there some way for the Derby server to allow custom code to determine 
> whether a directory can be opened for a database?  I read something about a 
> policy file but that doesn't really suit our use case as the list of 
> directories can be changed by the admin at runtime.
>
> Daniel
>   
Hi Daniel,

In 10.4 we are adding two system privileges, tracked by DERBY-2109. One 
of these privileges is related to your concern. It is a system privilege 
which limits database creation to specific locations in the file system. 
The functional spec attached to DERBY-2109 explains this in greater 
detail. This feature is being built on top of Java's security mechanism 
and will be managed by a policy file as you say.

If you are interested, you might want to read that functional spec: 
http://issues.apache.org/jira/secure/attachment/12354506/systemPrivs.html 
It may provide the foundation for the feature you need.

Hope this helps,
-Rick

Mime
View raw message