Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2014/09/19 17:03:34 UTC
[jira] [Updated] (DERBY-6741) User code can get the ContextManager from an EmbedConnection
[ https://issues.apache.org/jira/browse/DERBY-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Hillegas updated DERBY-6741:
---------------------------------
Attachment: derby-6741-01-aa-usederbyinternals.diff
Attaching derby-6741-01-aa-usederbyinternals.diff. This patch guards this method with a check for usederbyinternals permission. I am running tests now.
I could not make the method private because it is used by EmbedXAResource.
Touches the following files:
-------------
M java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M java/engine/org/apache/derby/jdbc/EmbedXAResource.java
Add check for usederbyinternals.
-------------
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/ConstraintCharacteristicsTest.java
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/NewOptimizerOverridesTest.java
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/resultSetReader.policy
Corresponding changes to tests.
-------------
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java
New test to verify that user code can't call EmbedConnection.getContextManager().
> User code can get the ContextManager from an EmbedConnection
> ------------------------------------------------------------
>
> Key: DERBY-6741
> URL: https://issues.apache.org/jira/browse/DERBY-6741
> Project: Derby
> Issue Type: Bug
> Components: JDBC, Services
> Reporter: Rick Hillegas
> Attachments: derby-6741-01-aa-usederbyinternals.diff
>
>
> EmbedConnection.getContextManager() is a public method. Exposing internals like the ContextManager is a security risk.