Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2014/06/17 15:53:02 UTC

[jira] [Created] (DERBY-6617) Silently swallowed SecurityExceptions may disable Derby features, including security features.

Rick Hillegas created DERBY-6617:
------------------------------------

             Summary: Silently swallowed SecurityExceptions may disable Derby features, including security features.
                 Key: DERBY-6617
                 URL: https://issues.apache.org/jira/browse/DERBY-6617
             Project: Derby
          Issue Type: Bug
          Components: Services
    Affects Versions: 10.11.0.0
            Reporter: Rick Hillegas


When the Monitor tries to read Derby properties, it silently swallows SecurityExceptions. This means that the properties will be silently ignored if Derby has not been granted sufficient privileges. This means that if you make a mistake crafting your security policy, then you may disable authentication and authorization. You may not realize this until you have incurred a security breach. This swallowing occurs at the following code locations:

{noformat}
org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
{noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)
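
The failure mode described in the report, as an added example (not Derby's code and not part of the original message). It assumes the denied read is for the derby.connection.requireAuthentication property and simulates the missing permission with a lookup function that throws SecurityException, so it runs without a SecurityManager; the class, method and variable names are hypothetical.

```java
import java.util.function.Function;

public class SwallowedSecurityExceptionDemo {

    // Constructed stand-in for a property read that the security policy denies.
    static final Function<String, String> DENIED = key -> {
        throw new SecurityException(
            "access denied (\"java.util.PropertyPermission\" \"" + key + "\" \"read\")");
    };

    // Pattern from the report: the exception is swallowed, so a denied read
    // is indistinguishable from a property that was never set.
    static String readSwallowing(Function<String, String> lookup, String key) {
        try {
            return lookup.apply(key);
        } catch (SecurityException se) {
            return null;
        }
    }

    // Fail-closed alternative: a denied read is reported as a startup error.
    static String readFailClosed(Function<String, String> lookup, String key) {
        try {
            return lookup.apply(key);
        } catch (SecurityException se) {
            throw new IllegalStateException(
                "Cannot read " + key + "; fix the security policy before starting", se);
        }
    }

    // Boolean.parseBoolean(null) is false, so "unreadable" silently becomes "off".
    static boolean authRequired(String value) {
        return Boolean.parseBoolean(value);
    }

    public static void main(String[] args) {
        String key = "derby.connection.requireAuthentication"; // assumed property
        // The operator intended "true", but the policy blocks the read.
        boolean auth = authRequired(readSwallowing(DENIED, key));
        System.out.println("swallowing reader: authentication required = " + auth);
        try {
            readFailClosed(DENIED, key);
        } catch (IllegalStateException e) {
            System.out.println("fail-closed reader: " + e.getMessage());
        }
    }
}
```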