Bryan Pendleton wrote:
1) try to code access privileges in the routines themselves, that is
separate from java security manager. Basically
disallow access to derby files by adding code logic to determine if
the files being read/written are derby files.
Instead of trying to write this "negative" logic, figuring out
what files *oughtn't* to be written to, perhaps it would be
easier to specify things the other way, and change import/export
so that they are only capable of reading-from/writing-to a
new, well-known location, which is certain not to contain any
other files of importance.
That is, for each database, we define a new "import/export scratch space",
whose location defaults to something reasonable but can be configured
on a database-by-database basis if necessary, and import only ever
looks for files in that directory, and export only ever writes files
to that directory.
I had the same thoughts as you, Bryan, but I guess this will introduce
incompatibilities for existing users who currently get to decide where
the exported data should be written.
--
Øystein
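As an added illustration of the allow-list approach Bryan describes (not Derby's own code; the class and method names are hypothetical), a helper that resolves every import/export file name under a per-database scratch directory and refuses any path that canonicalises outside it:

```java
import java.io.File;
import java.io.IOException;

/** Hypothetical helper: confines import/export file access to one scratch directory. */
public final class ScratchSpace {
    private final File root;   // canonical scratch directory for one database

    public ScratchSpace(File scratchDir) throws IOException {
        // Canonicalise once so later prefix comparisons are against a resolved path.
        this.root = scratchDir.getCanonicalFile();
    }

    /**
     * Resolves a user-supplied name relative to the scratch directory. Canonicalisation
     * collapses ".." segments and follows symlinks, so a name that points anywhere
     * outside the scratch directory fails the prefix check and is rejected.
     */
    public File resolve(String userPath) throws IOException {
        File candidate = new File(root, userPath).getCanonicalFile();
        // Trailing separator prevents "/scratch-evil" from matching "/scratch".
        String rootPrefix = root.getPath() + File.separator;
        if (!candidate.getPath().startsWith(rootPrefix)) {
            throw new SecurityException("path escapes import/export scratch space: " + userPath);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: scratch space under the JVM temp directory.
        ScratchSpace space = new ScratchSpace(
                new File(System.getProperty("java.io.tmpdir"), "derby-scratch"));
        System.out.println("accepted: " + space.resolve("export1.del"));
        try {
            space.resolve("../OTHER_DATABASE_FILE.dat");   // placeholder name; escapes via ".."
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because `File(parent, child)` joins the two paths, an absolute child such as `/etc/passwd` is re-rooted under the scratch directory on Unix rather than honoured; the prefix check still decides the outcome after canonicalisation.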