1. Derby
  2. DERBY-1656

Define & implement directory structure for JUnit tests to allow clear separation of security access for derby testing and product jar files.


    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s:
    • Component/s: Test
    • Labels:


      Discussion in this thread highlights the risk with the current (old test harness) approach of granting access to the testing code (the user application) to read the database files themselves.

      Policy suggested is:


      Access only given to derby.jar/derbynet.jar, derbytools should not be
      reading files in the system home, derbytesting should only be able to
      access limited files, such as derby.log and The value
      of derby.system.home must not fall under any of the following folders,
      e.g. for the default case ${user.dir}/dsh would be good.

      All databases created under this folder when derby.system.home is not
      set, access would only be granted to derby.jar

      Access granted as today

      Folder test scripts, fail logs etc. permissions granted to
      derbytesting, maybe derbytools but not derby.jar & derbynet.jar

      Note that ideally tests should not be written to assume anything about the database name or its location, that way we could have multiple sets of Junit tests running in parallel, e.g. one against database 'wombat1' in ${derby.system.home}

      , one against databases/wombat2 in $


      Eventually the same would apply for multiple derby systems in different classloaders (DERBY-700), so any scheme should take these desires into account.


        No work has yet been logged on this issue.


          • Assignee:
            Daniel John Debrunner
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: