[
https://issues.apache.org/jira/browse/DERBY-6630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14151812#comment-14151812
]
ASF subversion and git services commented on DERBY-6630:
--------------------------------------------------------
Commit 1628206 from [~rhillegas] in branch 'code/trunk'
[ https://svn.apache.org/r1628206 ]
DERBY-6630: Reduce visibility of JCECipherFactory and protect it with the
usederbyinternals permission; tests passed cleanly on
derby-6630-01-aa-usederbyinternals.diff.
> Applications can use JCECipherFactory to elevate their privileges to those
> granted to Derby
> -------------------------------------------------------------------------------------------
>
> Key: DERBY-6630
> URL: https://issues.apache.org/jira/browse/DERBY-6630
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.1.1
> Reporter: Rick Hillegas
> Attachments: derby-6630-01-aa-usederbyinternals.diff
>
>
> JCECipherFactory.run() performs security-sensitive operations. It is executed
> in a privilege block by the init() method, which is, in turn, executed by the
> public constructor. The class and its corresponding factory are public, which
> means that any code running in the same JVM can run this security-sensitive
> code with the privileges granted to Derby.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
