[ 
https://issues.apache.org/jira/browse/DERBY-3476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14052264#comment-14052264
 ] 

Knut Anders Hatlen commented on DERBY-3476:
-------------------------------------------

DatabasePermission, SystemPermission and SystemPrincipal are all final and have 
serialization identifiers now.

The serialization logic could still benefit from some improvements, tough:
- DatabasePermission would be more future-proof if it persisted the action 
string (currently it doesn't because it knows it has to be "create").
- SystemPermission doesn't validate the name and the action string on 
deserialization. It should perform the same checks on deserialization as it 
does in its constructor.
- SystemPrincipal doesn't validate the name on deserialization. It should 
perform the same checks as its constructor.

> Permissions and Principal objects added by this feature need to be final and 
> have serialization identifiers
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3476
>                 URL: https://issues.apache.org/jira/browse/DERBY-3476
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Services
>            Reporter: Daniel John Debrunner
>
> Need serialization id to ensure the class is portable across releases.
> Need final to provide security.
> (assumes patch10 is committed from DERBY-2109)



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to