Posted to derby-dev@db.apache.org by Rick Hillegas <ri...@gmail.com> on 2022/03/27 19:33:20 UTC
removing Derby's references to the Java Security Manager
The OpenJDK regards the Java Security Manager as a large, brittle piece
of code whose further maintenance costs too much. In some imminent
release, the JVM will remove the Security Manager. See
https://openjdk.java.net/jeps/411,
https://issues.apache.org/jira/browse/DERBY-7110, and
https://issues.apache.org/jira/browse/DERBY-7126.
For Derby, the Security Manager provides important defenses against the
misuse of the following security-sensitive operations:
o Reading and setting of system properties.
o Creation of class loaders.
o File access
o Network access
o De-registration of JDBC drivers
In preparation for the 10.16.1 release, I asked the OpenJDK security
team for advice. How should Derby users protect these operations on a
future JVM which no longer includes the Security Manager? I asked for
guidance in a security-dev@openjdk.java.net email thread titled
"protecting security-sensitive operations on multi-tenant servers." The
security team said:
1) The Security Manager was the wrong solution to this problem.
2) The better, modern solution would be to isolate your application
inside an operating system container.
This seems to be the situation: In some future release, we will need to
remove all references to the Security Manager and we will need to tell
users to containerize their applications.
I'm happy to rototill away references to the Security Manager and update
the Security Guide accordingly. I estimate that this will take about a
month. My preference would be to delay the 10.16.1 release until this is
done. However, there may be some reason to produce a 10.16.1 release
first (the last release which uses the Security Manager) and introduce
this change in 10.17.1.
What are your thoughts?
-Rick
Re: removing Derby's references to the Java Security Manager
Posted by Rick Hillegas <ri...@gmail.com>.
On 3/28/22 6:07 AM, Bryan Pendleton wrote:
>> rototill away references to the Security Manager and update
>> the Security Guide accordingly. I estimate that this will take about a
>> month. My preference would be to delay the 10.16.1 release until this is
>> done.
> This plan is fine with me. Glad to help, as my time permits.
>
> Thanks for moving us forward on this.
>
> bryan
Thanks, Bryan. I have opened
https://issues.apache.org/jira/browse/DERBY-7138 to track the tasks
needed to remove references to the SecurityManager. I have adjusted the
10.16.1 milestones, aiming for a release in early June:
https://cwiki.apache.org/confluence/display/DERBY/DerbyTenSixteenOneRelease
Re: removing Derby's references to the Java Security Manager
Posted by Bryan Pendleton <bp...@gmail.com>.
> rototill away references to the Security Manager and update
> the Security Guide accordingly. I estimate that this will take about a
> month. My preference would be to delay the 10.16.1 release until this is
> done.
This plan is fine with me. Glad to help, as my time permits.
Thanks for moving us forward on this.
bryan