Posted to derby-dev@db.apache.org by Rick Hillegas <ri...@gmail.com> on 2022/03/27 19:33:20 UTC

removing Derby's references to the Java Security Manager

The OpenJDK regards the Java Security Manager as a large, brittle piece 
of code whose further maintenance costs too much. In some imminent 
release, the JVM will remove the Security Manager. See 
https://openjdk.java.net/jeps/411, 
https://issues.apache.org/jira/browse/DERBY-7110, and 
https://issues.apache.org/jira/browse/DERBY-7126.

For Derby, the Security Manager provides important defenses against the 
misuse of the following security-sensitive operations:

o Reading and setting of system properties.

o Creation of class loaders.

o File access.

o Network access.

o De-registration of JDBC drivers.

In preparation for the 10.16.1 release, I asked the OpenJDK security 
team for advice. How should Derby users protect these operations on a 
future JVM which no longer includes the Security Manager? I asked for 
guidance in a security-dev@openjdk.java.net email thread titled 
"protecting security-sensitive operations on multi-tenant servers." The 
security team said:

1) The Security Manager was the wrong solution to this problem.

2) The better, modern solution would be to isolate your application 
inside an operating system container.

This seems to be the situation: In some future release, we will need to 
remove all references to the Security Manager and we will need to tell 
users to containerize their applications.

I'm happy to rototill away references to the Security Manager and update 
the Security Guide accordingly. I estimate that this will take about a 
month. My preference would be to delay the 10.16.1 release until this is 
done. However, there may be some reason to produce a 10.16.1 release 
first (the last release which uses the Security Manager) and introduce 
this change in 10.17.1.

What are your thoughts?

-Rick


Re: removing Derby's references to the Java Security Manager

Posted by Rick Hillegas <ri...@gmail.com>.
On 3/28/22 6:07 AM, Bryan Pendleton wrote:
>> rototill away references to the Security Manager and update
>> the Security Guide accordingly. I estimate that this will take about a
>> month. My preference would be to delay the 10.16.1 release until this is
>> done.
> This plan is fine with me. Glad to help, as my time permits.
>
> Thanks for moving us forward on this.
>
> bryan

Thanks, Bryan. I have opened 
https://issues.apache.org/jira/browse/DERBY-7138 to track the tasks 
needed to remove references to the SecurityManager. I have adjusted the 
10.16.1 milestones, aiming for a release in early June: 
https://cwiki.apache.org/confluence/display/DERBY/DerbyTenSixteenOneRelease


Re: removing Derby's references to the Java Security Manager

Posted by Bryan Pendleton <bp...@gmail.com>.
> rototill away references to the Security Manager and update
> the Security Guide accordingly. I estimate that this will take about a
> month. My preference would be to delay the 10.16.1 release until this is
> done.

This plan is fine with me. Glad to help, as my time permits.

Thanks for moving us forward on this.

bryan