[DERBY-2330] Disallow user-defined SQL routines to resolve to entry points (methods in classes) in the org.apache.derby.* namespace - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 10.3.1.4
Component/s: SQL
Labels:
None

Issue & fix info:

Release Note Needed
Bug behavior facts:

Security

Description

Disallowing routines from accessing Derby code directly stops the potential of remote code exploiting any security holes in Derby.

Derby code can be seen as a special case since it is known that the Derby code will be on the classpath.

Disallowing such routines makes security analysis easier and safer rather than trying to guarantee every public static method in Derby can not expose secured information.

Routines in existing applications (in upgraded databases) that map to such Derby methods will fail at execute time.

Attachments

Issue Links

is related to

DERBY-467 Restrict direct access to priviliged blocks from application code

Open

Activity

People

Assignee:: Daniel John Debrunner

Reporter:: Daniel John Debrunner

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Feb/07 17:25

Updated:: 30/Jun/09 16:12

Resolved:: 07/Jun/07 14:12