Rick Hillegas created DERBY-6922:
------------------------------------
Summary: Extra permission may be required for user-defined
aggregates
Key: DERBY-6922
URL: https://issues.apache.org/jira/browse/DERBY-6922
Project: Derby
Issue Type: Bug
Components: SQL
Affects Versions: 10.12.1.1
Reporter: Rick Hillegas
An additional privilege may be needed when running a user-defined aggregate
which spills intermediate results to disk. That is a theory raised by
discussion on this email thread:
http://apache-database.10148.n7.nabble.com/Security-problem-with-ggregate-functions-using-Java-td147236.html
The additional privilege needed by the engine jar is:
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
It is likely that this situation only arises on JVMs up through JDK 8. I
believe that JDK 9 has removed many dependencies on Sun classes.
It would be worthwhile to try running a user-defined aggregate which spills to
disk, and to do this while running under a security manager.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
