[
https://issues.apache.org/jira/browse/DERBY-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12533728
]
Rick Hillegas commented on DERBY-3083:
--------------------------------------
I imagine that we could parameterize the names of the jars in the default
policy and then teach server startup to make some smart guesses about which
jars are germane, based on whether they contain certain distinguished classes.
Technically, there's nothing to prevent users from breaking open all of Derby's
jar files and recombining them into a single giant jar. I think that if a user
does that, then the user is responsible for adjusting the security policy.
If Maven is going to rename jar files, then I think Maven needs to regenerate
the security policy. This is just how Java security works: permissions are
granted to named code domains and those domains are identified by jar file
names.
Aaron is right that we haven't stated explicitly what kinds of tampering void
your warranty. Perhaps we should add a big warning in our user guides.
> Network server demands a file called "derbynet.jar" in classpath
> ----------------------------------------------------------------
>
> Key: DERBY-3083
> URL: https://issues.apache.org/jira/browse/DERBY-3083
> Project: Derby
> Issue Type: Bug
> Components: Tools
> Affects Versions: 10.3.1.4
> Reporter: Aaron Digulla
>
> The network server will not start if the derbynet jar is added under a
> different name than "derbynet.jar" to the classpath. This makes it impossible
> to use it in maven projects where the jar is renamed to
> "derbynet-10.3.1.4.jar".
> This did work with 10.2.2.0
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
