[
https://issues.apache.org/jira/browse/DERBY-6598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kim Haase updated DERBY-6598:
-----------------------------
Attachment: DERBY-6598-2.zip
DERBY-6598-2.stat
DERBY-6598-2.diff
Thanks, Knut! Attaching DERBY-6598-2.diff, DERBY-6598-2.stat, and
DERBY-6598-2.zip, which change one fewer file than the previous patch --
rrefstorejarremove.dita reverts to its previous state. I also changed the text
in the Dev Guide topic somewhat. Hope this is okay.
M src/ref/rrefstorejarinstall.dita
M src/ref/rrefstorejarreplace.dita
M src/devguide/rdevdeploy856948.dita
> Document permissions recommendations for JAR procedures
> -------------------------------------------------------
>
> Key: DERBY-6598
> URL: https://issues.apache.org/jira/browse/DERBY-6598
> Project: Derby
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 10.11.0.0
> Reporter: Kim Haase
> Assignee: Kim Haase
> Attachments: DERBY-6598-2.diff, DERBY-6598-2.stat, DERBY-6598-2.zip,
> DERBY-6598.diff, DERBY-6598.stat, DERBY-6598.zip
>
>
> It's been recommended that we should make the documentation of the
> SQLJ.INSTALL_JAR procedure (and SQLJ.REPLACE_JAR) state more explicitly that
> the privilege should only be granted to trusted users. For example:
> "Since this procedure can be used to install arbitrary code that runs in the
> same Java Virtual Machine as the Derby database engine, the execution
> privilege should only be granted to trusted users."
> This needs to go into the Reference Manual topics on these procedures as well
> as other locations where they are discussed.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
