Return-Path: 
 <tomcat-user-return-71602-qmlist-jakarta-archive-tomcat-user=nagoya.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 18517 invoked from network); 16 Jul 2003 12:30:11 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 16 Jul 2003 12:30:11 -0000
Received: (qmail 7089 invoked by uid 97); 16 Jul 2003 12:32:42 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org
Received: (qmail 7082 invoked from network); 16 Jul 2003 12:32:41 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12)
  by nagoya.betaversion.org with SMTP; 16 Jul 2003 12:32:41 -0000
Received: (qmail 17009 invoked by uid 500); 16 Jul 2003 12:29:52 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 16994 invoked from network); 16 Jul 2003 12:29:52 -0000
Received: from exchange2.napier.ac.uk (HELO EX-SERVER1.napier.ac.uk)
 (146.176.2.203)
  by daedalus.apache.org with SMTP; 16 Jul 2003 12:29:52 -0000
Received: by ex-server1.napier.ac.uk with Internet Mail Service (5.5.2653.19)
	id <35YWWN18>; Wed, 16 Jul 2003 13:29:45 +0100
Message-ID: <36402DCC1069D411922D00508B5B2CC218747461@ex-server1.napier.ac.uk>
From: "Paterson, Trevor" <T.Paterson@napier.ac.uk>
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Subject: PERMISSIONS FOR JDBC ORACLE APPLICATION
Date: Wed, 16 Jul 2003 13:29:42 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C34B95.EEB81E80"
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

------_=_NextPart_001_01C34B95.EEB81E80
Content-Type: text/plain;
	charset="iso-8859-1"

Hi
 
I am trying to start using the SecurityManager/catalina.policy for a
servelt/jsp application that accesses an Oracle Database for read/write.
 
Everything works fine when I set: permission java.security.AllPermission for
the entire application.
 
but if I try and limit permissions,  any  table varchar2 data I get back
from queries via ResultSet.getObject().toString() seems to be (?URL)encoded
- Dates and ints are OK.
 
I can't work out which file or driver doesn't have appropriate conditions -
can anyone help?
 
I have tried:
    permission java.net.SocketPermission "xxx.xxx.xxx.xxx:xxxx", "connect"; 
    permission java.util.PropertyPermission "oracle.jserver.version",
"read";
    permission java.util.PropertyPermission
"oracle.jdbc.driver.OracleDriver", "read";
    permission java.util.PropertyPermission "/WEB-INF/lib/ojdbc.jar",
"read";
    permission java.util.PropertyPermission "java.net.*", "read";
    permission java.util.PropertyPermission "java.sql.*", "read"; 
 
currently running jdk 1.4 and Tomcat 4.1.12 and Oracle 9i

Ta Trevor 


------_=_NextPart_001_01C34B95.EEB81E80--