[
https://issues.apache.org/jira/browse/DERBY-6630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas closed DERBY-6630.
--------------------------------
> Applications can use JCECipherFactory to elevate their privileges to those
> granted to Derby
> -------------------------------------------------------------------------------------------
>
> Key: DERBY-6630
> URL: https://issues.apache.org/jira/browse/DERBY-6630
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.1.1
> Reporter: Rick Hillegas
> Fix For: 10.12.0.0
>
> Attachments: derby-6630-01-aa-usederbyinternals.diff
>
>
> JCECipherFactory.run() performs security-sensitive operations. It is executed
> in a privilege block by the init() method, which is, in turn, executed by the
> public constructor. The class and its corresponding factory are public, which
> means that any code running in the same JVM can run this security-sensitive
> code with the privileges granted to Derby.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
