You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/09/19 18:57:33 UTC

[jira] [Commented] (DERBY-6741) User code can get the ContextManager from an EmbedConnection

    [ https://issues.apache.org/jira/browse/DERBY-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14140872#comment-14140872 ] 

ASF subversion and git services commented on DERBY-6741:
--------------------------------------------------------

Commit 1626274 from [~rhillegas] in branch 'code/trunk'
[ https://svn.apache.org/r1626274 ]

DERBY-6741: Add a privilege barrier to prevent users from getting a ContextManager from an embedded connection object; tests passed cleanly on derby-6741-01-aa-usederbyinternals.diff.

> User code can get the ContextManager from an EmbedConnection
> ------------------------------------------------------------
>
>                 Key: DERBY-6741
>                 URL: https://issues.apache.org/jira/browse/DERBY-6741
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC, Services
>            Reporter: Rick Hillegas
>         Attachments: derby-6741-01-aa-usederbyinternals.diff
>
>
> EmbedConnection.getContextManager() is a public method. Exposing internals like the ContextManager is a security risk.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)