db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Leroux <s...@wanadoo.fr>
Subject Using security manager to grant permission to db stored procedures
Date Mon, 17 Aug 2009 12:25:37 GMT
Hi everybody,

I have a db stored procedure that should send an e-mail on certain 
events. This procedure should open a socket to an SMTP server.

But, when Derby runs under security manager (using Derby 10.5.1.1), the 
default security policy does not allow that.

The obvious solution is to write a custom policy file having a rule like:
 > grant codebase "file:///path/to/db/jar/APP/MailHelper.jar" {
 >     permission java.net.SocketPermission  "*:25", "connect"
 > }

/But/, db stored JAR a copied to the db/jar/APP folder with trailing 
"magic number" (?) like: "MailHelper.jar.G1230379179336".


So here are my questions:
1) Should I use the full JAR name 'MailHelper.jar.G1230379179336' as 
codebase in my "grant" rule?
2) Under which circumstances the trailing "G1230379179336" will change?
3) Is setting a security policy on per stored-db JAR basis a supported 
feature or not?

Considering the later, all the docs I found on the internet regarding 
this subject where a little bit "fuzzy" or out-dated.  As an example, 
http://db.apache.org/derby/binaries/jta-WE15.pdf expressively states 
that "SQL Functions and Procedures must [...] have permission for action 
granted to their code base - *Currently not possible for jar files 
stored in db*". In the other hand the doc is 3 years old...


Thanks in advance for your time,
Sylvain Leroux
-- 
Website: http://www.chicoree.fr

Mime
View raw message