Rick Hillegas created DERBY-6619:
------------------------------------
Summary: After silently swallowing SecurityExceptions, Derby can leak class loaders
Key: DERBY-6619
URL: https://issues.apache.org/jira/browse/DERBY-6619
Project: Derby
Issue Type: Bug
Components: Services
Reporter: Rick Hillegas
As part of the fix for DERBY-3745, Derby silently swallows security exceptions
and leaks class loaders. This can give rise to denial-of-service attacks. At a
minimum, Derby should report the swallowed exceptions so that the security
policy can be corrected and the application can be hardened against this
attack. The swallowing occurs at these locations:
{noformat}
org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 0 line 175
org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 1 line 158
{noformat}