You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/07/03 23:13:04 UTC

[jira] Closed: (DERBY-2331) Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace except for public apis.

     [ https://issues.apache.org/jira/browse/DERBY-2331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel John Debrunner closed DERBY-2331.
----------------------------------------


> Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace except for public apis.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2331
>                 URL: https://issues.apache.org/jira/browse/DERBY-2331
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Daniel John Debrunner
>            Assignee: Daniel John Debrunner
>             Fix For: 10.3.0.0, 10.3.1.0
>
>
> Since Derby is open source and (obviously) contains the code to read database files and is modular the potential exists that routines could utilize code on the classpath to read/modify database information directly, bypassing SQL level security.
> Derby is a special case here as it is known that Derby code will be on the classpath and that it will have the correct permissions to read/write database files.
> Existing routines from upgraded databases will fail at execute time when they try to resolve such classes.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.