Daniel John Debrunner (JIRA) wrote: >I'm trying to think through the ramifications of using getProtectionDomain() >and hence possibly needing the associated permission in the policy file. One >issue is that this permission might be needed for all derby jar files, since >sysinfo is in all jars. >It probably comes down to what situations would we expect sysinfo to be >executed with a security manager present, > > NetworkServerControl.sysinfo() is a consideration. It already requires extra permissions, but this one could be problematic.
On a similar note: one thing we struggle with in suppport is getting accurate sysinfo and determining which Derby is getting loaded in deeply embedded environments. One enhancement I was considering filing was to have sysinfo dump to the derby.log automatically if derby.stream.error.logSeverityLevel=0 and permissions permit, but I was still mulling it over because we want to encourage more limited permissions not more. >in those situations how likely is the policy file going to be configured to >support sysinfo? Since sysinfo is really meant to >be a quick check of the classpath, not an integral part of an application. > > > > > I wonder the best way to get this information from customers if sysinfo is just meant to be a quick classpath check and not a definiitive answer to the age old question: "what derby jars am I using?" Kathey
