Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2007/07/06 16:14:04 UTC
[jira] Updated: (DERBY-2908) 10.3.1.0 / 1.1.0 Derby eclipse plugin
gives security error referring to user.dir read permission because
derby.system.home is set to '.'
[ https://issues.apache.org/jira/browse/DERBY-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Hillegas updated DERBY-2908:
---------------------------------
Attachment: derby-2908-patchDefaultPolicy-01.diff
Attaching derby-2908-patchDefaultPolicy-01.diff. This adds permission to read the user.dir property to the server and template policies.
I think that this is a reasonable, defensive move. Although the default behavior is to set derby.system.home to user.dir, nothing prevents the user from explicitly stating that they want this default behavior. It's a minority but not unreasonable usage.
I am running regression tests just to be safe. If the tests pass, I'm inclined to commit this patch unless someone objects.
> 10.3.1.0 / 1.1.0 Derby eclipse plugin gives security error referring to user.dir read permission because derby.system.home is set to '.'
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-2908
> URL: https://issues.apache.org/jira/browse/DERBY-2908
> Project: Derby
> Issue Type: Bug
> Components: Eclipse Plug-in
> Affects Versions: 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
> Environment: eclipse 3.2.1 with derby 10.3.1.0 core plugin, ui and doc plugin 1.1.0.
> Reporter: Myrna van Lunteren
> Attachments: derby-2908-patchDefaultPolicy-01.diff
>
>
> The Derby nature sets by default -Dderby.system.home=. (set in plugins/eclipse/org.apache.derby.ui/src/org/apache/derby/ui/properties/DerbyProperties.java and checked in plugins/eclipse/org.apache.derby.ui/src/org/apache/derby/uitl/DerbyServerUtils.java)
> With the default security policy, however, such a setting for ij & NetworkServerControl results in a security error in ij.
> (See stack in thread: http://www.nabble.com/10.3.1.0b-eclipse-plugin---default-security-tf4030218.html)
> It's possible this is a bug in itself...
> One workaround is to add the following permission to the default policy file:
> permission java.util.PropertyPermission "user.dir", "read";
> Another solution is to not set the derby.system.home to anything by default, and if it's not set to anything, not pass on -Dderby.system.home= to the networkserver process (specifying -Dderby.system.home= without a value fails to start networkserver).
> This would mean increasing the version of the plugins. To 1.1.1?
> Yet another thing would be to adjust the plugin to handle adjusting the security policy...