[
https://issues.apache.org/jira/browse/DERBY-6598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kim Haase resolved DERBY-6598.
------------------------------
Resolution: Fixed
Fix Version/s: 10.11.0.0
Issue & fix info: (was: Patch Available)
> Document permissions recommendations for JAR procedures
> -------------------------------------------------------
>
> Key: DERBY-6598
> URL: https://issues.apache.org/jira/browse/DERBY-6598
> Project: Derby
> Issue Type: Bug
> Components: Documentation
> Affects Versions: 10.11.0.0
> Reporter: Kim Haase
> Assignee: Kim Haase
> Fix For: 10.11.0.0
>
> Attachments: DERBY-6598-2.diff, DERBY-6598-2.stat, DERBY-6598-2.zip,
> DERBY-6598.diff, DERBY-6598.stat, DERBY-6598.zip
>
>
> It's been recommended that we should make the documentation of the
> SQLJ.INSTALL_JAR procedure (and SQLJ.REPLACE_JAR) state more explicitly that
> the privilege should only be granted to trusted users. For example:
> "Since this procedure can be used to install arbitrary code that runs in the
> same Java Virtual Machine as the Derby database engine, the execution
> privilege should only be granted to trusted users."
> This needs to go into the Reference Manual topics on these procedures as well
> as other locations where they are discussed.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
