You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <de...@db.apache.org> on 2005/11/16 03:09:30 UTC

[jira] Commented: (DERBY-709) SecurityException thrown when passing a relative path name when backing up database

    [ http://issues.apache.org/jira/browse/DERBY-709?page=comments#action_12357751 ] 

Daniel John Debrunner commented on DERBY-709:
---------------------------------------------

Adding tests for absolute paths with backup would be good as well. Could use a Java function to create a absolute path from a relative name. In that case the code for the function would be in derby.jar whick can be granted permissions to read user.dir.

E.g.

 CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE(FILENAME_RELATIVE('extinout/bkup1')); 

Maybe such tests exist already.

> SecurityException thrown when passing a relative path name when backing up database
> -----------------------------------------------------------------------------------
>
>          Key: DERBY-709
>          URL: http://issues.apache.org/jira/browse/DERBY-709
>      Project: Derby
>         Type: Bug
>   Components: Store, Security
>     Versions: 10.0.2.0, 10.1.1.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Priority: Minor

>
> CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE('extinout/bkup1');
> ERROR 38000: The exception 'java.security.AccessControlException: access denied
> (java.util.PropertyPermission user.dir read)' was thrown while evaluating an exp
> ression)
> Can be seen in the store/encryptionKey.sql test, modify the _app.properties file to enable the security manager.
> Due to logging messages using File.getCanonicalPath in RawStore.java, lines 675 and 686.
> Possible solutions:
>   - use a privileged block and required user.dir permission granted to user.dir to backup to a relative directory
>   - use a privileged block,if a security exception is thrown then just display the relative name, otherwise display the full name. This would allow backups to succeed without requiring granting additional permissions to derby.jar
>   - just log the relative path

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira