[jira] [Closed] (DERBY-6641) Application code may be able to use the public LogToFile class to interfere with Derby's operation.

Rick Hillegas (JIRA) Thu, 02 Oct 2014 06:29:48 -0700

     [ 
https://issues.apache.org/jira/browse/DERBY-6641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rick Hillegas closed DERBY-6641.
--------------------------------

> Application code may be able to use the public LogToFile class to interfere 
> with Derby's operation.
> ---------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-6641
>                 URL: https://issues.apache.org/jira/browse/DERBY-6641
>             Project: Derby
>          Issue Type: Bug
>          Components: Store
>    Affects Versions: 10.11.1.1
>            Reporter: Rick Hillegas
>             Fix For: 10.12.0.0
>
>
> With a little work, I think that an application could dig up the LogFactory 
> and cast it to LogToFile. This could give the application elevated privileges 
> to overwrite sensitive Derby-managed data.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Closed] (DERBY-6641) Application code may be able to use the public LogToFile class to interfere with Derby's operation.

Reply via email to