You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2014/06/27 18:52:24 UTC
[jira] [Created] (DERBY-6641) Application code may be able to use
the public LogToFile class to interfere with Derby's operation.
Rick Hillegas created DERBY-6641:
------------------------------------
Summary: Application code may be able to use the public LogToFile class to interfere with Derby's operation.
Key: DERBY-6641
URL: https://issues.apache.org/jira/browse/DERBY-6641
Project: Derby
Issue Type: Bug
Components: Store
Affects Versions: 10.11.0.0
Reporter: Rick Hillegas
With a little work, I think that an application could dig up the LogFactory and cast it to LogToFile. This could give the application elevated privileges to overwrite sensitive Derby-managed data.
--
This message was sent by Atlassian JIRA
(v6.2#6252)