[
https://issues.apache.org/jira/browse/DERBY-6521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978152#comment-13978152
]
ASF subversion and git services commented on DERBY-6521:
--------------------------------------------------------
Commit 1589396 from [~knutanders] in branch 'code/trunk'
[ https://svn.apache.org/r1589396 ]
DERBY-6521: Improve error handling when restricting file permissions
> Improve error handling when restricting file permissions
> --------------------------------------------------------
>
> Key: DERBY-6521
> URL: https://issues.apache.org/jira/browse/DERBY-6521
> Project: Derby
> Issue Type: Improvement
> Components: Services
> Affects Versions: 10.11.0.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Attachments: d6521-1a.diff, d6521-1b.diff
>
>
> In DERBY-6503 there was some discussion about changing how errors are handled
> when Derby fails to restrict the file permissions.
> There seemed to be consensus that Derby should raise an exception if the user
> had explicitly requested (by setting
> derby.storage.useDefaultFilePermissions=false) that it should try to restrict
> file permissions. Currently, it only raises an error on non-posix file
> systems that support access control lists.
> In the case were the user has not explicitly requested restriction of file
> permissions, two options have been suggested:
> 1) Raise an exception
> 2) Don't raise an exception, possibly print a warning in derby.log
> Option 1 is the more secure one, since it forces the user to make a decision
> on how to handle a possible security problem (either by addressing the
> underlying cause of the failure, so that permissions can be successfully
> restricted by Derby, or by disabling the file restriction functionality).
> Option 2 is the more backward compatible one, since it gracefully falls back
> to the pre-10.10/pre-Java 7 behaviour if it cannot restrict the file
> permissions.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
