You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/04/23 14:46:16 UTC

[jira] [Commented] (DERBY-6521) Improve error handling when restricting file permissions

    [ https://issues.apache.org/jira/browse/DERBY-6521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978152#comment-13978152 ] 

ASF subversion and git services commented on DERBY-6521:
--------------------------------------------------------

Commit 1589396 from [~knutanders] in branch 'code/trunk'
[ https://svn.apache.org/r1589396 ]

DERBY-6521: Improve error handling when restricting file permissions

> Improve error handling when restricting file permissions
> --------------------------------------------------------
>
>                 Key: DERBY-6521
>                 URL: https://issues.apache.org/jira/browse/DERBY-6521
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.11.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>         Attachments: d6521-1a.diff, d6521-1b.diff
>
>
> In DERBY-6503 there was some discussion about changing how errors are handled when Derby fails to restrict the file permissions.
> There seemed to be consensus that Derby should raise an exception if the user had explicitly requested (by setting derby.storage.useDefaultFilePermissions=false) that it should try to restrict file permissions. Currently, it only raises an error on non-posix file systems that support access control lists.
> In the case were the user has not explicitly requested restriction of file permissions, two options have been suggested:
> 1) Raise an exception
> 2) Don't raise an exception, possibly print a warning in derby.log
> Option 1 is the more secure one, since it forces the user to make a decision on how to handle a possible security problem (either by addressing the underlying cause of the failure, so that permissions can be successfully restricted by Derby, or by disabling the file restriction functionality).
> Option 2 is the more backward compatible one, since it gracefully falls back to the pre-10.10/pre-Java 7 behaviour if it cannot restrict the file permissions.



--
This message was sent by Atlassian JIRA
(v6.2#6252)