Rick Hillegas created DERBY-6922: ------------------------------------ Summary: Extra permission may be required for user-defined aggregates Key: DERBY-6922 URL: https://issues.apache.org/jira/browse/DERBY-6922 Project: Derby Issue Type: Bug Components: SQL Affects Versions: 10.12.1.1 Reporter: Rick Hillegas
An additional privilege may be needed when running a user-defined aggregate which spills intermediate results to disk. That is a theory raised by discussion on this email thread: http://apache-database.10148.n7.nabble.com/Security-problem-with-ggregate-functions-using-Java-td147236.html The additional privilege needed by the engine jar is: permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; It is likely that this situation only arises on JVMs up through JDK 8. I believe that JDK 9 has removed many dependencies on Sun classes. It would be worthwhile to try running a user-defined aggregate which spills to disk, and to do this while running under a security manager. -- This message was sent by Atlassian JIRA (v6.3.15#6346)