Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6521

Improve error handling when restricting file permissions

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.11.1.1
    • Fix Version/s: 10.11.1.1
    • Component/s: Services
    • Labels:
      None

      Description

      In DERBY-6503 there was some discussion about changing how errors are handled when Derby fails to restrict the file permissions.

      There seemed to be consensus that Derby should raise an exception if the user had explicitly requested (by setting derby.storage.useDefaultFilePermissions=false) that it should try to restrict file permissions. Currently, it only raises an error on non-posix file systems that support access control lists.

      In the case were the user has not explicitly requested restriction of file permissions, two options have been suggested:

      1) Raise an exception

      2) Don't raise an exception, possibly print a warning in derby.log

      Option 1 is the more secure one, since it forces the user to make a decision on how to handle a possible security problem (either by addressing the underlying cause of the failure, so that permissions can be successfully restricted by Derby, or by disabling the file restriction functionality).

      Option 2 is the more backward compatible one, since it gracefully falls back to the pre-10.10/pre-Java 7 behaviour if it cannot restrict the file permissions.

        Attachments

        1. d6521-1a.diff
          8 kB
          Knut Anders Hatlen
        2. d6521-1b.diff
          10 kB
          Knut Anders Hatlen

          Issue Links

            Activity

              People

              • Assignee:
                knutanders Knut Anders Hatlen
                Reporter:
                knutanders Knut Anders Hatlen
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: