You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2008/12/08 17:40:44 UTC

[jira] Assigned: (DERBY-467) Restrict direct access to priviliged blocks from application code

     [ https://issues.apache.org/jira/browse/DERBY-467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden reassigned DERBY-467:
------------------------------------

    Assignee:     (was: Daniel John Debrunner)

> Restrict direct access to priviliged blocks from application code
> -----------------------------------------------------------------
>
>                 Key: DERBY-467
>                 URL: https://issues.apache.org/jira/browse/DERBY-467
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 10.1.1.0, 10.2.1.6
>            Reporter: Daniel John Debrunner
>
> In looking at the privilged blocks in Derby  several are accessible from application code, either as in public/protected methods and public classes. The fix for this includes:
> - making packages in the jar files sealed wherever possible
> - making classes and methods with privilged blocks  as private as possible (private or package for methods, package for classes)
> As Derby moves towards a more client server approach (e.g. see grant/revoke) I started to perform a security analysis of the priviliged blocks, but realised it would be easier if I fixed the obvious problems first.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.