On 7/11/15 8:28 AM, Bryan Pendleton wrote:
I'm working on a final fix for DERBY-6807 for SqlXmlUtils, but I'd
prefer to make that change conditional, based on whether there is
a SecurityManager policy in place for the engine.
The reason for that is that if there is a SecurityManager in place,
SqlXmlUtils is already fully secure, because it delegates the
access decisions properly to the SecurityManager policy.
But if there is NOT a SecurityManager policy in effect, then it would
be more secure for SqlXmlUtils to disable certain XML features.
Is there example code that somebody can point me at which SqlXmlUtils
could use to detect whether or not a SecurityManager policy is in effect?
thanks,
bryan
Hi Bryan,
System.getSecurityManager() returns null if a security manager hasn't
been installed. Derby calls that method in several places.
NetworkServerControlImpl might be a good place to look for an example.
Thanks,
-Rick
