Hi Byan, Thank you for mentioning the DERBY-5363. I check the issue [DERBY-5363] Tighten permissions of DB files to owner with >= JDK7 - ASF JIRA and realized that that is exactly the same issue as I mentioned. So I think there is no need of further continuing on the issue I mentioned.
Thanks. On Wed, Aug 3, 2016 at 8:02 PM, Bryan Pendleton <[email protected]> wrote: > On 8/3/2016 5:43 AM, dulanja mallikarachchi wrote: > >> Hi All, >> >> When a database is created, two files are created inside "log" and "seg0" >> folders. These files can replaced with other files. Thus database is open >> to vulnerabilities. >> >> If we can restrict access to the above mentioned folders, we can get rid >> of this vulnerability. >> >> Thank you. >> >> > Thank you for looking into this. > > What you describe sounds quite similar to DERBY-5363: > > https://issues.apache.org/jira/browse/DERBY-5363 > > Perhaps you could describe your issue in more detail, and > describe how you think it relates to the work done on DERBY-5363. > > I.e., > > - do you think that DERBY-5363 has regressed? > - do you think that the fix for DERBY-5363 was inadequate? > - do you think that you are seeing a different issue entirely? > > thanks, > > bryan > > >
