db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Noll <dan...@nuix.com>
Subject Re: Can we do some kind of virtual path mapping with Network Server?
Date Wed, 13 May 2009 23:32:05 GMT
Kristian Waagan wrote:
> Hi Daniel,
> Have you considered using symbolic links?
> (btw, something to check out here is how Java security interacts with 
> symlinks)

It seems to canonicalise the path excessively, so it would probably do 
the right thing and make sure you have permission to both locations.  I 
have noticed Java even checks this even if you have a FilePermission for 
all files. :rollseyes:

On UNIX this would have been a fairly sensible option... Windows does 
have symlinks now, but not *every* version of the OS we support.  On a 
related note I have noticed Java has issues with my second hard disk 
which is mounted at C:\Data, so it may not be great for symlinks either.

> Regarding disallowing access for selected databases, is using the access 
> rights mechanisms provided by the OS/file system an option?
> I do realize there are limitations and challenges with the approach(es)...

Using the filesystem for access control works but puts the burden on the 
sysadmin to get it right (and it's something which is hard to check from 
Java land, "are the permissions on this entire hard disk correct?"

Hiding the entire thing behind a REST or similar API would be another 
solution to the problem, but it's a pretty steep hill.  I just thought I 
would throw the question out there because a simple API which takes a 
path and returns a path would have been an elegant solution, even if it 
were buried deep in the server code.


Daniel Noll                            Forensic and eDiscovery Software
Senior Developer                              The world's most advanced
Nuix                                                email data analysis
http://nuix.com/                                and eDiscovery software

View raw message