You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/09/19 18:57:33 UTC
[jira] [Commented] (DERBY-6741) User code can get the
ContextManager from an EmbedConnection
[ https://issues.apache.org/jira/browse/DERBY-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14140872#comment-14140872 ]
ASF subversion and git services commented on DERBY-6741:
--------------------------------------------------------
Commit 1626274 from [~rhillegas] in branch 'code/trunk'
[ https://svn.apache.org/r1626274 ]
DERBY-6741: Add a privilege barrier to prevent users from getting a ContextManager from an embedded connection object; tests passed cleanly on derby-6741-01-aa-usederbyinternals.diff.
> User code can get the ContextManager from an EmbedConnection
> ------------------------------------------------------------
>
> Key: DERBY-6741
> URL: https://issues.apache.org/jira/browse/DERBY-6741
> Project: Derby
> Issue Type: Bug
> Components: JDBC, Services
> Reporter: Rick Hillegas
> Attachments: derby-6741-01-aa-usederbyinternals.diff
>
>
> EmbedConnection.getContextManager() is a public method. Exposing internals like the ContextManager is a security risk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)