[
https://issues.apache.org/jira/browse/SIS-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Desruisseaux updated SIS-320:
------------------------------------
Affects Version/s: 0.7
Fix Version/s: (was: 0.7)
> Enable SIS to run in security-constrained environments
> ------------------------------------------------------
>
> Key: SIS-320
> URL: https://issues.apache.org/jira/browse/SIS-320
> Project: Spatial Information Systems
> Issue Type: Improvement
> Components: Metadata, Referencing, Storage, Utilities
> Affects Versions: 0.3, 0.4, 0.5, 0.6, 0.7
> Reporter: Martin Desruisseaux
> Assignee: Martin Desruisseaux
> Labels: Jigsaw
>
> Wrap some code necessary for SIS to work in
> {{AccessController.doPrivileged(...)}} blocks. Examples:
> {code:java}
> String dir = AccessController.doPrivileged((PrivilegedAction<String>) () -> {
>     return System.getenv("SIS_DATA");
> });
> {code}
> We should not wrap all security-sensitive requests for information, but only
> those that are needed for SIS to work. Examples:
> * Environment variable value for {{SIS_DATA}}.
> * Property value for {{"java.naming.factory.initial"}},
> {{"derby.system.home"}}.
> * Call to {{Field.setAccessible(true)}} in {{clone()}} methods for setting
> final fields.
> Information for which we do *not* request privileged actions at this time:
> * MBean registration.
> * Property value for {{"java.home"}}.
> * Call to {{Field.setAccessible(true)}} on deserialization for setting final
> transient fields.
> Initial patch for SIS has been submitted by Guilhem Légal.
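
The narrow wrapping described in the issue, as an added example that is neither Apache SIS code nor the submitted patch: each privileged block reads one fixed key or performs one `setAccessible` call, so less-privileged callers cannot use the helper to read arbitrary values. The names `Privileged`, `Property` and `Envelope` are hypothetical, and the code assumes a Java release that still has a Security Manager (`AccessController` is deprecated for removal since Java 17).

```java
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.PrivilegedAction;
/** Hypothetical helper, not an Apache SIS class. */
final class Privileged {
    /** Fixed key: callers cannot choose which environment variable is read. */
    static String sisDataDirectory() {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getenv("SIS_DATA"));
    }

    /** Only the property names listed in the issue are readable with privileges. */
    enum Property {
        JNDI_FACTORY("java.naming.factory.initial"),
        DERBY_HOME("derby.system.home");
        private final String key;
        Property(String key) { this.key = key; }
        String get() {
            return AccessController.doPrivileged(
                    (PrivilegedAction<String>) () -> System.getProperty(key));
        }
    }

    public static void main(String[] args) {
        System.out.println(sisDataDirectory() + " / " + Property.DERBY_HOME.get());
        System.out.println(new Envelope(1, 2).clone());
    }
}

/** Constructed class for the clone() case: a final field reassigned on the copy. */
final class Envelope implements Cloneable {
    private final double[] ordinates;
    Envelope(double... ordinates) { this.ordinates = ordinates.clone(); }
    @Override public Envelope clone() {
        try {
            Envelope copy = (Envelope) super.clone();
            Field f = Envelope.class.getDeclaredField("ordinates");
            // Only the access-check override is privileged, not the whole clone().
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                f.setAccessible(true);
                return null;
            });
            f.set(copy, ordinates.clone());
            return copy;
        } catch (CloneNotSupportedException | ReflectiveOperationException e) {
            throw new AssertionError(e);
        }
    }
}
```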