Rick Hillegas created DERBY-6617:
------------------------------------
Summary: Silently swallowed SecurityExceptions may disable Derby
features, including security features.
Key: DERBY-6617
URL: https://issues.apache.org/jira/browse/DERBY-6617
Project: Derby
Issue Type: Bug
Components: Services
Affects Versions: 10.11.0.0
Reporter: Rick Hillegas
When the Monitor tries to read Derby properties, it silently swallows
SecurityExceptions. This means that the properties will be silently ignored if
Derby has not been granted sufficient privileges. This means that if you make a
mistake crafting your security policy, then you may disable authentication and
authorization. You may not realize this until you have incurred a security
breach. This swallowing occurs at the following code locations:
{noformat}
org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
{noformat}
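
The failure mode described in the report, as an added example that is not part of the original message and is not Derby source code: a property reader that swallows SecurityException next to one that fails closed. The class, the method names, the lambda standing in for a restrictive security policy and its exception text are constructed for illustration; `derby.connection.requireAuthentication` is the Derby property that turns authentication on.

```java
import java.util.Properties;
import java.util.function.Function;

// Added illustration, not Derby source. The Function stands in for System.getProperty.
public class SwallowedSecurityExceptionDemo {
    static final String REQUIRE_AUTH = "derby.connection.requireAuthentication";

    // Fail-open: a denied read is indistinguishable from "property not set".
    static String readSwallowing(Function<String, String> source, String key) {
        try {
            return source.apply(key);
        } catch (SecurityException se) {
            return null; // swallowed: nothing is logged and nothing is rethrown
        }
    }

    // Fail-closed: surface the denial so startup stops instead of running on defaults.
    static String readStrict(Function<String, String> source, String key) {
        try {
            return source.apply(key);
        } catch (SecurityException se) {
            throw new IllegalStateException(
                "Policy denies read of " + key + "; refusing to fall back to defaults", se);
        }
    }

    // A missing value parses as false, which means authentication is off.
    static boolean authRequired(String value) {
        return Boolean.parseBoolean(value);
    }

    public static void main(String[] args) {
        Properties configured = new Properties();
        configured.setProperty(REQUIRE_AUTH, "true"); // constructed sample configuration

        // Constructed stand-in for a policy that does not grant read access to the property.
        Function<String, String> denied = key -> {
            throw new SecurityException("access denied: read of " + key);
        };

        System.out.println("read granted:      auth required = "
            + authRequired(readSwallowing(configured::getProperty, REQUIRE_AUTH)));
        System.out.println("denied, swallowed: auth required = "
            + authRequired(readSwallowing(denied, REQUIRE_AUTH)));
        try {
            readStrict(denied, REQUIRE_AUTH);
        } catch (IllegalStateException e) {
            System.out.println("denied, strict:    startup aborted: " + e.getMessage());
        }
    }
}
```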