Posted to derby-dev@db.apache.org by "Kristian Waagan (JIRA)" <ji...@apache.org> on 2008/10/31 10:40:44 UTC

[jira] Closed: (DERBY-2556) Code paths for db restore do not use doPrivileged-calls, causing SecurityException

     [ https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kristian Waagan closed DERBY-2556.
----------------------------------

    Resolution: Fixed

Thanks for bringing this up again, Kathey.

I'm closing the issue, and I'm not planning to port it to 10.4.
There are conflicts in the merge, and in my view the potential security threat is limited (exists, isDirectory, list, mkdirs).

In case anyone feels differently, porting the fix is doable with some manual changes.

> Code paths for db restore do not use doPrivileged-calls, causing SecurityException
> ----------------------------------------------------------------------------------
>
>                 Key: DERBY-2556
>                 URL: https://issues.apache.org/jira/browse/DERBY-2556
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.2.2.0, 10.3.1.4
>         Environment: Derby running with a security manager.
>            Reporter: Kristian Waagan
>            Assignee: Kristian Waagan
>             Fix For: 10.3.1.4
>
>         Attachments: derby-2556-2a_whitespace-javadoc.diff, derby-2556-3a_alternative-patch.diff, derby-2556-3a_alternative-patch.stat, derby-2556-4a_alternative-patch.diff, derby-2556-4a_alternative-patch.stat, derby-2556-5a-reworked_fix.diff, derby-2556-5a-reworked_fix.stat, derby-2556-5b-reworked_fix.diff, derby-2556-5b-reworked_fix.stat, derby-2556_diff.txt, derby-2556_stat.txt
>
>
> When using 'createFrom' or 'restoreFrom' in the JDBC URL to restore a database from a backup image, a SecurityException is thrown even though the policy file for codebase derby.jar is correctly configured (giving Derby access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments): https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the "application-level code", or granting the required permissions to the application codebase as well.

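Added example, not part of the original message and not Derby's own code: a sketch of the two places doPrivileged can sit for the restore path discussed above, once inside library code around the file operations named in the comment, and once in application code around the connection call (the workaround). The class name, method names, database name and backup path are hypothetical; it assumes the Derby embedded driver is on the classpath and a security manager is installed.

```java
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Hypothetical illustration. AccessController is deprecated for removal since
// Java 17 and only matters while a security manager is installed.
public class RestorePrivilegedExample {

    // Library-side pattern: the permission check stops at this frame, so only
    // this class's protection domain (and frames below it) must hold the
    // FilePermission. Callers further up the stack are not consulted.
    static boolean privExists(final File f) {
        return AccessController.doPrivileged(
            (PrivilegedAction<Boolean>) () -> f.exists());
    }

    static boolean privIsDirectory(final File f) {
        return AccessController.doPrivileged(
            (PrivilegedAction<Boolean>) () -> f.isDirectory());
    }

    // Application-side workaround: wrap the connection call. The class that
    // calls doPrivileged must itself be granted the file permissions; the
    // wrapper only exempts the frames above it.
    static Connection restore(final String url) throws SQLException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Connection>)
                    () -> DriverManager.getConnection(url));
        } catch (PrivilegedActionException e) {
            // getConnection declares only SQLException as a checked exception.
            throw (SQLException) e.getException();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample path; pass a real backup image as args[0].
        File backup = new File(args.length > 0 ? args[0] : "/backups/sampledb");
        if (!privExists(backup) || !privIsDirectory(backup)) {
            System.err.println("backup image not found: " + backup);
            return;
        }
        String url = "jdbc:derby:sampledb;restoreFrom=" + backup.getPath();
        try (Connection c = restore(url)) {
            System.out.println("restored, autocommit=" + c.getAutoCommit());
        }
    }
}
```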