[jira] Closed: (DERBY-2556) Code paths for db restore do not use doPrivileged-calls, causing SecurityException

Fri, 31 Oct 2008 02:41:38 -0700 

     [ 
https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kristian Waagan closed DERBY-2556.
----------------------------------

    Resolution: Fixed

Thanks for bringing this up again, Kathey.

I'm closing the issue, and I'm not planning to port it to 10.4.
There are conflicts in the merge, and in my view the potential security threat 
is limited (exists, isDirectory, list, mkdirs).

In case anyone feel differently, porting the fix is doable with some manual 
changes.

> Code paths for db restore do not use doPrivileged-calls, causing 
> SecurityException
> ----------------------------------------------------------------------------------
>
>                 Key: DERBY-2556
>                 URL: https://issues.apache.org/jira/browse/DERBY-2556
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.2.2.0, 10.3.1.4
>         Environment: Derby running with a security manager.
>            Reporter: Kristian Waagan
>            Assignee: Kristian Waagan
>             Fix For: 10.3.1.4
>
>         Attachments: derby-2556-2a_whitespace-javadoc.diff, 
> derby-2556-3a_alternative-patch.diff, derby-2556-3a_alternative-patch.stat, 
> derby-2556-4a_alternative-patch.diff, derby-2556-4a_alternative-patch.stat, 
> derby-2556-5a-reworked_fix.diff, derby-2556-5a-reworked_fix.stat, 
> derby-2556-5b-reworked_fix.diff, derby-2556-5b-reworked_fix.stat, 
> derby-2556_diff.txt, derby-2556_stat.txt
>
>
> When using 'createFrom' or 'restoreFrom' in the JDBC url to restore a 
> database from a backup image, a SecurityException is thrown even though the 
> policyfile for codebase derby.jar is correctly configured (giving Derby 
> access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments): 
> https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the 
> "application-level code", or granting the required permissions to the 
> application codebase as well.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to