You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2008/12/08 17:40:44 UTC
[jira] Assigned: (DERBY-467) Restrict direct access to priviliged
blocks from application code
[ https://issues.apache.org/jira/browse/DERBY-467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kathey Marsden reassigned DERBY-467:
------------------------------------
Assignee: (was: Daniel John Debrunner)
> Restrict direct access to priviliged blocks from application code
> -----------------------------------------------------------------
>
> Key: DERBY-467
> URL: https://issues.apache.org/jira/browse/DERBY-467
> Project: Derby
> Issue Type: Improvement
> Components: Security
> Affects Versions: 10.1.1.0, 10.2.1.6
> Reporter: Daniel John Debrunner
>
> In looking at the privilged blocks in Derby several are accessible from application code, either as in public/protected methods and public classes. The fix for this includes:
> - making packages in the jar files sealed wherever possible
> - making classes and methods with privilged blocks as private as possible (private or package for methods, package for classes)
> As Derby moves towards a more client server approach (e.g. see grant/revoke) I started to perform a security analysis of the priviliged blocks, but realised it would be easier if I fixed the obvious problems first.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.