Francois Orsini wrote: > if permission is granted as part of the security policies I would think > so - it will call the appropriate permission check on the security > manager installed...
For any method call that requires a security permission it can (most likely) always be used in Derby. Things to consider if such a method call is to be used are: - Is it required for running Derby, or only for a sub-feature within Derby? E.g. in this case it seems only to be needed if debugging lock deadlocks. - How risky is granting that permission to a consumer of Derby? E.g. we could code Derby so that it was required that it be granted permission to read and write all system properties. That may be seen as risky to a user of Derby, so instead Derby is coded so that only granting permission to read properties starting with 'derby.' is required. Ideally we want to a have situation when a user can grant Derby a minimal set of permissions that matches their required use of Derby. When using a such a method call, it must be called in a in a privleged block. I plan to provide as part of DERBY-615 documentation with details of this and existing uses of methods requiring permission.h Dan.
