[jira] [Closed] (DERBY-1656) Define & implement directory structure for JUnit tests to allow clear separation of security access for derby testing and product jar files.

[Kathey Marsden (JIRA)]

     [ 
https://issues.apache.org/jira/browse/DERBY-1656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kathey Marsden closed DERBY-1656.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 10.3.3.0

Guessing fixed in 10.3 roughly

> Define & implement directory structure for JUnit tests to allow clear 
> separation of security access for derby testing and product jar files.
> --------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1656
>                 URL: https://issues.apache.org/jira/browse/DERBY-1656
>             Project: Derby
>          Issue Type: Improvement
>          Components: Test
>            Reporter: Daniel John Debrunner
>             Fix For: 10.3.3.0
>
>
> Discussion in this thread highlights the risk with the current (old test 
> harness) approach of granting access to the testing code (the user 
> application) to read the database files themselves.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200608.mbox/%3c44d9eb37.6020...@sbcglobal.net%3e
> Policy suggested is:
> ${derby.system.home}
> Access only given to derby.jar/derbynet.jar, derbytools should not be
> reading files in the system home, derbytesting should only be able to
> access limited files, such as derby.log and derby.properties. The value
> of derby.system.home must not fall under any of the following folders,
> e.g. for the default case ${user.dir}/dsh would be good.
> ${user.dir}/databases
>    All databases created under this folder when derby.system.home is not
> set, access would only be granted to derby.jar
> ${user.dir}/extin,extout,extinout
>    Access granted as today
> ${user.dir}/tests
>    Folder test scripts, fail logs etc. permissions granted to
> derbytesting, maybe derbytools but not derby.jar & derbynet.jar
> Note that ideally tests should not be written to assume anything about the 
> database name or its location, that way we could have multiple sets of Junit 
> tests running in parallel, e.g. one against database  'wombat1' in 
> ${derby.system.home}, one against  databases/wombat2 in ${user.dir}.
> Eventually the same would apply for multiple derby systems in different 
> classloaders (DERBY-700),  so any scheme should take these desires into 
> account.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira