[DERBY-2331] Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace except for public apis. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 10.3.1.4
Component/s: Services
Labels:
None

Issue & fix info:

Release Note Needed
Bug behavior facts:

Security

Description

Since Derby is open source and (obviously) contains the code to read database files and is modular the potential exists that routines could utilize code on the classpath to read/modify database information directly, bypassing SQL level security.

Derby is a special case here as it is known that Derby code will be on the classpath and that it will have the correct permissions to read/write database files.

Existing routines from upgraded databases will fail at execute time when they try to resolve such classes.

Attachments

Issue Links

is related to

DERBY-467 Restrict direct access to priviliged blocks from application code

Open

Activity

People

Assignee:: Daniel John Debrunner

Reporter:: Daniel John Debrunner

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Feb/07 17:29

Updated:: 21/Jan/11 19:00

Resolved:: 07/Jul/07 17:08