You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Kim Haase (JIRA)" <ji...@apache.org> on 2014/06/10 21:13:03 UTC

[jira] [Resolved] (DERBY-6598) Document permissions recommendations for JAR procedures

     [ https://issues.apache.org/jira/browse/DERBY-6598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase resolved DERBY-6598.
------------------------------

          Resolution: Fixed
       Fix Version/s: 10.11.0.0
    Issue & fix info:   (was: Patch Available)

> Document permissions recommendations for JAR procedures
> -------------------------------------------------------
>
>                 Key: DERBY-6598
>                 URL: https://issues.apache.org/jira/browse/DERBY-6598
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Kim Haase
>            Assignee: Kim Haase
>             Fix For: 10.11.0.0
>
>         Attachments: DERBY-6598-2.diff, DERBY-6598-2.stat, DERBY-6598-2.zip, DERBY-6598.diff, DERBY-6598.stat, DERBY-6598.zip
>
>
> It's been recommended that we should make the documentation of the SQLJ.INSTALL_JAR procedure (and SQLJ.REPLACE_JAR) state more explicitly that the privilege should only be granted to trusted users. For example:
> "Since this procedure can be used to install arbitrary code that runs in the same Java Virtual Machine as the Derby database engine, the execution privilege should only be granted to trusted users."
> This needs to go into the Reference Manual topics on these procedures as well as other locations where they are discussed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)