[
https://issues.apache.org/jira/browse/DERBY-2330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel John Debrunner closed DERBY-2330.
----------------------------------------
Resolution: Fixed
> Disallow user-defined SQL routines to resolve to entry points (methods in
> classes) in the org.apache.derby.* namespace
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-2330
> URL: https://issues.apache.org/jira/browse/DERBY-2330
> Project: Derby
> Issue Type: Improvement
> Components: Security, SQL
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Fix For: 10.3.0.0
>
>
> Disallowing routines from accessing Derby code directly stops the potential
> of remote code exploiting any security holes in Derby.
> Derby code can be seen as a special case since it is known that the Derby
> code will be on the classpath.
> Disallowing such routines makes security analysis easier and safer rather
> than trying to guarantee every public static method in Derby can not expose
> secured information.
> Routines in existing applications (in upgraded databases) that map to such
> Derby methods will fail at execute time.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
