You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2014/06/27 18:52:24 UTC

[jira] [Created] (DERBY-6641) Application code may be able to use the public LogToFile class to interfere with Derby's operation.

Rick Hillegas created DERBY-6641:
------------------------------------

             Summary: Application code may be able to use the public LogToFile class to interfere with Derby's operation.
                 Key: DERBY-6641
                 URL: https://issues.apache.org/jira/browse/DERBY-6641
             Project: Derby
          Issue Type: Bug
          Components: Store
    Affects Versions: 10.11.0.0
            Reporter: Rick Hillegas


With a little work, I think that an application could dig up the LogFactory and cast it to LogToFile. This could give the application elevated privileges to overwrite sensitive Derby-managed data.



--
This message was sent by Atlassian JIRA
(v6.2#6252)