Derby
  1. Derby
  2. DERBY-19

NPE when trying to create a database at a directory that is not allowed

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 10.0.2.0
    • Fix Version/s: 10.1.1.0
    • Component/s: Services
    • Labels:
      None

      Description

      Opening this bug on behalf of Daniel Debrunner

      --------------------------------------------------------------
      This bug occurs in embedded Derby and Derby Network Server. In Derby Network Server, it might be best for a security exception to be thrown when trying to create a database at a disallowed directory (SQLSTATE 38000).

      This bug can be reproduced in IJ like so:
      (if your 'D' drive is an inaccessible disk. e.g. your CD-ROM)
      ij> connect 'jdbc:derby:d:/wombat2;create=true';
      ERROR XJ041: Failed to create database 'd:/wombat2'

        Activity

        Hide
        Jan Hlavatý added a comment -

        This is a broader problem - you let anyone create databases whereever he wants. I dont think this is a good idea - someone might create garbage all over the server system. Maybe there should be a way to allow only certain directories.

        Show
        Jan Hlavatý added a comment - This is a broader problem - you let anyone create databases whereever he wants. I dont think this is a good idea - someone might create garbage all over the server system. Maybe there should be a way to allow only certain directories.
        Hide
        Daniel John Debrunner added a comment -

        A solution to Jan's concern about the ability to create databases anywhere is to use the Java 2 security manager. Then the policy file for the JVM running Derby can limit Derby's file access as required.

        Show
        Daniel John Debrunner added a comment - A solution to Jan's concern about the ability to create databases anywhere is to use the Java 2 security manager. Then the policy file for the JVM running Derby can limit Derby's file access as required.
        Hide
        Daniel John Debrunner added a comment -

        Changes committed as revision 178795.
        Handle the exception thrown when accessing a path name, such as drive not ready from a CD-ROM.
        Don't see how to add a test for this as a invalid name worked fine, only the exception due to drive not ready caused the problem.

        Show
        Daniel John Debrunner added a comment - Changes committed as revision 178795. Handle the exception thrown when accessing a path name, such as drive not ready from a CD-ROM. Don't see how to add a test for this as a invalid name worked fine, only the exception due to drive not ready caused the problem.

          People

          • Assignee:
            Daniel John Debrunner
            Reporter:
            Ramandeep Kaur
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development