You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <de...@db.apache.org> on 2005/08/02 21:33:35 UTC

[jira] Created: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
--------------------------------------------------------------------------------------------------------------------------

         Key: DERBY-485
         URL: http://issues.apache.org/jira/browse/DERBY-485
     Project: Derby
        Type: Bug
  Components: Security, SQL  
    Versions: 10.1.1.1, 10.2.0.0    
    Reporter: Daniel John Debrunner
 Assigned to: Daniel John Debrunner 
    Priority: Minor


In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Resolved: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.

     [ http://issues.apache.org/jira/browse/DERBY-485?page=all ]
     
Daniel John Debrunner resolved DERBY-485:
-----------------------------------------

    Resolution: Fixed

> SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
> --------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-485
>          URL: http://issues.apache.org/jira/browse/DERBY-485
>      Project: Derby
>         Type: Bug
>   Components: SQL, Security
>     Versions: 10.2.0.0, 10.1.1.1
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0

>
> In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Closed: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.

     [ http://issues.apache.org/jira/browse/DERBY-485?page=all ]
     
Deepa Remesh closed DERBY-485:
------------------------------

    Resolution: Fixed

> SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
> --------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-485
>          URL: http://issues.apache.org/jira/browse/DERBY-485
>      Project: Derby
>         Type: Bug
>   Components: Security, SQL
>     Versions: 10.1.2.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0, 10.1.2.0, 10.1.1.1

>
> In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Reopened: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.

     [ http://issues.apache.org/jira/browse/DERBY-485?page=all ]
     
Deepa Remesh reopened DERBY-485:
--------------------------------


reopening to fix fix version

> SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
> --------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-485
>          URL: http://issues.apache.org/jira/browse/DERBY-485
>      Project: Derby
>         Type: Bug
>   Components: Security, SQL
>     Versions: 10.1.2.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0, 10.1.2.0, 10.1.1.1

>
> In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Updated: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.

     [ http://issues.apache.org/jira/browse/DERBY-485?page=all ]

Daniel John Debrunner updated DERBY-485:
----------------------------------------

    Fix Version: 10.2.0.0

Revision 230183 Catch SecurityExceptions and LinkageExceptions consistently when loading application
classes (e.g. procedures, functions) and report as a ClassNotFoundException with the text of
the underlying exception. Enhance the test lang/dcl.jar to have a signed jar file as a database
jar, a hacked version of the jar file and a jar file with an invalid class (for a LinkageError).

> SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
> --------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-485
>          URL: http://issues.apache.org/jira/browse/DERBY-485
>      Project: Derby
>         Type: Bug
>   Components: SQL, Security
>     Versions: 10.2.0.0, 10.1.1.1
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0

>
> In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Updated: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

Posted by "Deepa Remesh (JIRA)" <de...@db.apache.org>.

     [ http://issues.apache.org/jira/browse/DERBY-485?page=all ]

Deepa Remesh updated DERBY-485:
-------------------------------

    Fix Version: 10.1.1.1

> SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
> --------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-485
>          URL: http://issues.apache.org/jira/browse/DERBY-485
>      Project: Derby
>         Type: Bug
>   Components: Security, SQL
>     Versions: 10.1.2.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0, 10.1.2.0, 10.1.1.1

>
> In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Updated: (DERBY-485) SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.

Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.

     [ http://issues.apache.org/jira/browse/DERBY-485?page=all ]

Daniel John Debrunner updated DERBY-485:
----------------------------------------

    Fix Version: 10.1.2.0

Also fixed in 10.1.2 as revision 290286 from trunk 230183

> SecurityException or LinkageException thrown during loading a class from a database jar incorrectly shuts the engine down.
> --------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-485
>          URL: http://issues.apache.org/jira/browse/DERBY-485
>      Project: Derby
>         Type: Bug
>   Components: Security, SQL
>     Versions: 10.1.2.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0, 10.1.2.0

>
> In addiing test cases to lang/dcl.test for signed jar files stored in the database I found that if a jar is installed with a tampered class the resulting SecurityException shuts Derby down. Most likely the same would be true for an invalid class hacked into the jar.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira