Major Description
Discussion in this thread highlights the risk with the current (old test harness) approach of granting access to the testing code (the user application) to read the database files themselves.
Policy suggested is:
${derby.system.home}
Access only given to derby.jar/derbynet.jar, derbytools should not be
reading files in the system home, derbytesting should only be able to
access limited files, such as derby.log and derby.properties. The value
of derby.system.home must not fall under any of the following folders,
e.g. for the default case ${user.dir}/dsh would be good.
${user.dir}/databases
All databases created under this folder when derby.system.home is not
set, access would only be granted to derby.jar
${user.dir}/extin,extout,extinout
Access granted as today
${user.dir}/tests
Folder test scripts, fail logs etc. permissions granted to
derbytesting, maybe derbytools but not derby.jar & derbynet.jar
Note that ideally tests should not be written to assume anything about the database name or its location, that way we could have multiple sets of Junit tests running in parallel, e.g. one against database 'wombat1' in ${derby.system.home}, one against databases/wombat2 in ${user.dir}.
Eventually the same would apply for multiple derby systems in different classloaders (DERBY-700), so any scheme should take these desires into account.