[ https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13085571#comment-13085571 ]
Kristian Waagan commented on DERBY-5363: ---------------------------------------- Rick, I looks to me like you used a Java 7 early access build - these builds are ignored by the PropertySetter.isValidVersion(). If you specify -DprintCompilerProperties[Verbose]=true this should be reported. I tested the patch on OpenSUSE 11.4 and it worked when setting JAVA_HOME=jdk1.7. In this case Java 6 was also available. If run it with only Java 7 available, the build fails. Is this as intended, or do we want to set the Java 6 compile classpath using Java 7 (as we do for Java 5.0 if only Java 6 is available)? > Tighten default permissions of DB files with >= JDK6 > ---------------------------------------------------- > > Key: DERBY-5363 > URL: https://issues.apache.org/jira/browse/DERBY-5363 > Project: Derby > Issue Type: Improvement > Reporter: Dag H. Wanvik > Attachments: permission-5.diff, permission-5.stat, permission-6.diff, > permission-6.stat, z.sql > > > Before Java 6, files created by Derby would have the default > permissions of the operating system context. Under Unix, this would > depend on the effective umask of the process that started the Java VM. > In Java 6 and 7, there are methods available that allows tightening up this > (File.setReadable, setWritable), making it less likely that somebody > would accidentally run Derby with a too lenient default. > I suggest we take advantage of this, and let Derby by default (in Java > 6 and higher) limit the visibility to the OS user that starts the VM, > e.g. on Unix this would be equivalent to running with umask 0077. More > secure by default is good, I think. > We could have a flag, e.g. "derby.storage.useDefaultFilePermissions" > that when set to true, would give the old behavior. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira