[jira] [Commented] (DERBY-5363) Tighten default permissions of DB files with >= JDK6

Tue, 30 Aug 2011 08:42:02 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13093829#comment-13093829
 ] 

Dag H. Wanvik commented on DERBY-5363:
--------------------------------------

Thanks, Rick. The tables try to show what should/could be the behavior if we 
tried to persist the property derby.storage.useDefaultFilePermissions. If we 
did, we would need to specify what would happen when we later restarted the VM 
with possibly *another* value for this property: should the effective value 
change, or should the the (new) value be ignored.
In any case, as both Kathey and I observed, it gets messy.

Your questions: 1) I haven't found any others yet. I believe others pertain to 
a specific booted database. 2) Plain write or append or not isn't relevant for 
the permissions, I think. I think we write these files without appending to 
them, though. The restrictive permissions would preclude any writing to them at 
all by any user except the one that created them. 3) Correct.

> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
>                 Key: DERBY-5363
>                 URL: https://issues.apache.org/jira/browse/DERBY-5363
>             Project: Derby
>          Issue Type: Improvement
>            Reporter: Dag H. Wanvik
>         Attachments: derby-5363-basic-1.diff, derby-5363-basic-1.stat, 
> permission-5.diff, permission-5.stat, permission-6.diff, permission-6.stat, 
> property-table.png, z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allows tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to