You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/07/03 23:13:04 UTC
[jira] Closed: (DERBY-2331) Disallow code in installed jars from
resolving classes in the org.apache.derby.* namespace except for public
apis.
[ https://issues.apache.org/jira/browse/DERBY-2331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel John Debrunner closed DERBY-2331.
----------------------------------------
> Disallow code in installed jars from resolving classes in the org.apache.derby.* namespace except for public apis.
> ------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-2331
> URL: https://issues.apache.org/jira/browse/DERBY-2331
> Project: Derby
> Issue Type: Improvement
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Fix For: 10.3.0.0, 10.3.1.0
>
>
> Since Derby is open source and (obviously) contains the code to read database files and is modular the potential exists that routines could utilize code on the classpath to read/modify database information directly, bypassing SQL level security.
> Derby is a special case here as it is known that Derby code will be on the classpath and that it will have the correct permissions to read/write database files.
> Existing routines from upgraded databases will fail at execute time when they try to resolve such classes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.