Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6598

Document permissions recommendations for JAR procedures

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.11.1.1
    • Fix Version/s: 10.11.1.1
    • Component/s: Documentation
    • Labels:
      None
    • Bug behavior facts:
      Security

      Description

      It's been recommended that we should make the documentation of the SQLJ.INSTALL_JAR procedure (and SQLJ.REPLACE_JAR) state more explicitly that the privilege should only be granted to trusted users. For example:

      "Since this procedure can be used to install arbitrary code that runs in the same Java Virtual Machine as the Derby database engine, the execution privilege should only be granted to trusted users."

      This needs to go into the Reference Manual topics on these procedures as well as other locations where they are discussed.

        Attachments

        1. DERBY-6598.diff
          4 kB
          Camilla Haase
        2. DERBY-6598.stat
          0.2 kB
          Camilla Haase
        3. DERBY-6598.zip
          9 kB
          Camilla Haase
        4. DERBY-6598-2.diff
          3 kB
          Camilla Haase
        5. DERBY-6598-2.stat
          0.1 kB
          Camilla Haase
        6. DERBY-6598-2.zip
          7 kB
          Camilla Haase

          Activity

            People

            • Assignee:
              chaase3 Camilla Haase
              Reporter:
              chaase3 Camilla Haase
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: