[
https://issues.apache.org/jira/browse/DERBY-6751?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-6751:
---------------------------------
Attachment: derby-6751-01-aa-usederbyinternals.diff
Attaching derby-6751-01-aa-usederbyinternals.diff. This patch adds a
usederbyinternals check to EmbedConnection.getLanguageConnection(). I am
running tests now.
Touches the following files:
----------------
M java/engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java
Adds a check for usederbyinternals permission to
EmbedConnection.getLanguageConnection().
----------------
M java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java
M java/engine/org/apache/derby/impl/jdbc/EmbedStatement.java
M java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
M java/engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java
M java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M java/engine/org/apache/derby/jdbc/InternalDriver.java
Wraps doPrivileged() blocks around the callers of
EmbedConnection.getLanguageConnection().
----------------
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java
Adds a test case to verify that application code can't call
EmbedConnection.getLanguageConnection() when running under a SecurityManager.
> Prevent user code from getting the LanguageConnectionContext from an
> EmbedConnection
> ------------------------------------------------------------------------------------
>
> Key: DERBY-6751
> URL: https://issues.apache.org/jira/browse/DERBY-6751
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.12.0.0
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-6751-01-aa-usederbyinternals.diff
>
>
> User code can cast a java.sql.Connection to an EmbedConnection and then get
> the LanguageConnectionContext by calling
> EmbedConnection.getLanguageConnection(). We should prevent user code from
> doing this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
