You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jdo-dev@db.apache.org by Tilmann <ti...@gmx.de> on 2022/05/13 10:44:48 UTC

Derby's removal of the security manager

Item for next meeting:

Since this came up in one of our meetings not so long ago, here are
Derby's thoughts on removing the security manager:
https://issues.apache.org/jira/secure/attachment/13043591/releaseNote.html
from issue
https://issues.apache.org/jira/browse/DERBY-7138

There is a related issue that enforces use of Java 17+ for this version
of Derby:
https://issues.apache.org/jira/browse/DERBY-7137

Note that these changes have not been officially released yet.


One interesting point is the suggested mitigation "Run Derby from the
module path" to prevent access to internals.
- Does JDO work with --/module/-/path,/ do we need to do anything to
(better) support this, i.e. allow others using it?/
/- Should me modularize the JDO API?

Best,
Tilmann