[jira] [Commented] (DERBY-5363) Tighten default permissions of DB files with >= JDK6

Fri, 19 Aug 2011 11:16:55 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13087849#comment-13087849
 ] 

Kathey Marsden commented on DERBY-5363:
---------------------------------------

Hi Dag,

I was wondering what would happen in practice in the following upgrade scenario:

1) Assume the site has been starting network server from the command line with 
various users, relying on umask settings to control permissions.
2) They upgrade to 10.9 with your changes and of course didn't read the release 
notes to set the property.
3) User A  starts network server and a client connects creating the new more 
restrictive derby.log and stops the server.
4) User B starts network server and a client connects, but presumably can't 
access derby.log.  What kind of error would they get?  What recovery steps do 
they need to take ?



> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
>                 Key: DERBY-5363
>                 URL: https://issues.apache.org/jira/browse/DERBY-5363
>             Project: Derby
>          Issue Type: Improvement
>            Reporter: Dag H. Wanvik
>         Attachments: permission-5.diff, permission-5.stat, permission-6.diff, 
> permission-6.stat, z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allows tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to