[
https://issues.apache.org/jira/browse/DERBY-467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kathey Marsden reassigned DERBY-467:
------------------------------------
Assignee: (was: Daniel John Debrunner)
> Restrict direct access to priviliged blocks from application code
> -----------------------------------------------------------------
>
> Key: DERBY-467
> URL: https://issues.apache.org/jira/browse/DERBY-467
> Project: Derby
> Issue Type: Improvement
> Components: Security
> Affects Versions: 10.1.1.0, 10.2.1.6
> Reporter: Daniel John Debrunner
>
> In looking at the privilged blocks in Derby several are accessible from
> application code, either as in public/protected methods and public classes.
> The fix for this includes:
> - making packages in the jar files sealed wherever possible
> - making classes and methods with privilged blocks as private as possible
> (private or package for methods, package for classes)
> As Derby moves towards a more client server approach (e.g. see grant/revoke)
> I started to perform a security analysis of the priviliged blocks, but
> realised it would be easier if I fixed the obvious problems first.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
