Derby / DERBY-6630

Applications can use JCECipherFactory to elevate their privileges to those granted to Derby


    Details

    • Urgency: Normal
    • Bug behavior facts: Security

      Description

      JCECipherFactory.run() performs security-sensitive operations. It is executed in a privilege block by the init() method, which is, in turn, executed by the public constructor. The class and its corresponding factory are public, which means that any code running in the same JVM can run this security-sensitive code with the privileges granted to Derby.
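
      The pattern the description reports, next to one way to guard it, as an added example (not Derby's code and not the attached patch). `LeakyFactory`, `GuardedFactory` and `InternalsPermission` are hypothetical names, and reading a system property stands in for the security-sensitive work.

```java
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.PrivilegedAction;

@SuppressWarnings({"removal", "deprecation"}) // Security Manager APIs are deprecated in newer JDKs
public class PrivilegedConstructorDemo {

    /** Hypothetical permission, granted only to the library's own code and trusted callers. */
    static final class InternalsPermission extends BasicPermission {
        InternalsPermission() { super("useInternals"); }
    }

    /** Stand-in for the security-sensitive work; runs with the library's privileges. */
    private static String sensitiveWork() {
        // doPrivileged ends the permission stack walk at this frame, so the
        // permissions of whoever called the constructor are never consulted.
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty("user.home"));
    }

    /** Reported shape: public class, public constructor, privileged block behind it. */
    public static class LeakyFactory {
        final String result;
        public LeakyFactory() { result = sensitiveWork(); }
    }

    /** Guarded shape: check the caller before entering the privileged block. */
    public static class GuardedFactory {
        final String result;
        public GuardedFactory() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                // Walks the whole call stack, including the untrusted caller,
                // and throws SecurityException if any frame lacks the permission.
                sm.checkPermission(new InternalsPermission());
            }
            result = sensitiveWork();
        }
    }

    public static void main(String[] args) {
        // With no security manager installed both constructors succeed; under a
        // policy that grants InternalsPermission only to the library, the
        // second one rejects unprivileged callers.
        System.out.println(new LeakyFactory().result != null);
        System.out.println(new GuardedFactory().result != null);
    }
}
```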

        Attachments

        1. derby-6630-01-aa-usederbyinternals.diff (3 kB, Richard N. Hillegas)


              People

              • Assignee: Richard N. Hillegas (rhillegas)
              • Reporter: Richard N. Hillegas (rhillegas)