Derby / DERBY-2330

Disallow user-defined SQL routines to resolve to entry points (methods in classes) in the org.apache.derby.* namespace


Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 10.3.1.4
    • SQL
    • None
    • Release Note Needed
    • Security

    Description

      Disallowing routines from accessing Derby code directly stops the potential of remote code exploiting any security holes in Derby.

      Derby code can be seen as a special case since it is known that the Derby code will be on the classpath.

      Disallowing such routines makes security analysis easier and safer rather than trying to guarantee every public static method in Derby cannot expose secured information.

      Routines in existing applications (in upgraded databases) that map to such Derby methods will fail at execute time.
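
The kind of check the description calls for, as an added illustration (not Derby's implementation and not code from this issue): it takes a routine's EXTERNAL NAME in Derby's `class_name.method_name` form and reports whether the class falls in the `org.apache.derby.*` namespace. The class `RoutineNamespaceCheck`, its methods and the sample names are hypothetical and constructed for the example.

```java
import java.util.List;

public class RoutineNamespaceCheck {
    // Namespace taken from the issue title. The trailing dot keeps
    // look-alike packages such as org.apache.derbyx out of the match.
    private static final String RESERVED_PREFIX = "org.apache.derby.";

    /** Splits class_name.method_name at the last dot and returns the class part. */
    static String classNameOf(String externalName) {
        int lastDot = externalName.lastIndexOf('.');
        if (lastDot <= 0 || lastDot == externalName.length() - 1) {
            throw new IllegalArgumentException(
                "expected class_name.method_name: " + externalName);
        }
        return externalName.substring(0, lastDot);
    }

    /** True when the routine would resolve to a class in the reserved namespace. */
    static boolean resolvesIntoDerby(String externalName) {
        return classNameOf(externalName.trim()).startsWith(RESERVED_PREFIX);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        List<String> samples = List.of(
            "com.example.app.Routines.audit",               // application code
            "org.apache.derby.example.Hypothetical.method", // inside the namespace
            "org.apache.derbyx.Lookalike.method",           // similar prefix, different package
            "org.apache.derby.method");                     // class "derby" in org.apache
        for (String s : samples) {
            String verdict = resolvesIntoDerby(s) ? "REJECT" : "allow ";
            System.out.println(verdict + " " + s);
        }
    }
}
```

Running the same test over the routine definitions of a database before upgrading it identifies the routines that, per the description, will fail at execute time.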


            People

              djd Daniel John Debrunner