Disallow code in installed jars from resolving classes in the
org.apache.derby.* namespace except for public APIs.
------------------------------------------------------------------------------------------------------------------

                 Key: DERBY-2331
                 URL: https://issues.apache.org/jira/browse/DERBY-2331
             Project: Derby
          Issue Type: Improvement
          Components: Security
            Reporter: Daniel John Debrunner
         Assigned To: Daniel John Debrunner
             Fix For: 10.3.0.0


Since Derby is open source and (obviously) contains the code to read database
files and is modular, the potential exists that routines could utilize code on
the classpath to read/modify database information directly, bypassing SQL-level
security.

Derby is a special case here as it is known that Derby code will be on the 
classpath and that it will have the correct permissions to read/write database 
files.

Existing routines from upgraded databases will fail at execute time when they 
try to resolve such classes.

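The restriction proposed in this issue, sketched as an added example (not Derby's own code and not part of the original message): a class loader that would define the classes from installed jars and refuses to resolve names in the org.apache.derby.* namespace unless they fall under an allowed prefix. The class name RestrictedJarLoader, the helper isBlocked, and the two packages treated as public API are assumptions made for illustration; the issue does not enumerate the public packages.

```java
import java.util.List;

// Added illustration of the check described in DERBY-2331; not Derby's implementation.
public class RestrictedJarLoader extends ClassLoader {
    private static final String GUARDED = "org.apache.derby.";
    // Assumption: packages treated as public API (the issue text does not list them).
    private static final List<String> PUBLIC_API = List.of(
            "org.apache.derby.jdbc.", "org.apache.derby.vti.");

    public RestrictedJarLoader(ClassLoader parent) {
        super(parent);
    }

    /** True when the name is inside the guarded namespace and not under a public prefix. */
    static boolean isBlocked(String className) {
        if (!className.startsWith(GUARDED)) {
            return false;
        }
        return PUBLIC_API.stream().noneMatch(className::startsWith);
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        // Reject before delegating: the parent can see the engine classes on the
        // classpath, so the check must happen before it is ever asked.
        if (isBlocked(name)) {
            throw new ClassNotFoundException(name + " (not a public API class)");
        }
        return super.loadClass(name, resolve);
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = new RestrictedJarLoader(ClassLoader.getSystemClassLoader());
        // Constructed sample names: one JDK class, one assumed-public class, one internal class.
        String[] names = {"java.lang.String", "org.apache.derby.jdbc.EmbeddedDriver",
                "org.apache.derby.impl.store.raw.RawStore"};
        for (String n : names) {
            System.out.println(n + " blocked=" + isBlocked(n));
        }
        System.out.println("loaded: " + loader.loadClass("java.lang.String"));
        try {
            loader.loadClass("org.apache.derby.impl.store.raw.RawStore");
        } catch (ClassNotFoundException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The JVM resolves a class's symbolic references through the loader that defined it, so the check only covers routines whose classes are defined by this loader. A routine that references an internal class fails at the point of resolution, which matches the execute-time failure the issue describes for upgraded databases.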