The upcoming release of Derby 10.3 will make networked configurations safer by installing a Java security manager if the user forgets to install one. This will happen only if the user boots the network server without installing a security manager. As a result, it will be harder for hackers to corrupt multi-user applications and shared machines. A new command line option will turn off this default behavior. If the disabling command line option is specified, then the network server will boot without installing a security manager just as it does today in release 10.2.

This added security introduces some incompatibilities between 10.3 and the previous 10.2 release:

1) Application startup may run a little slower as Derby performs initial access checks on referenced tables.

2) SecurityExceptions may occur if user-written functions and procedures perform sensitive operations such as file I/O and system property manipulation.

For more information on this security enhancement, please see the release note attached to http://issues.apache.org/jira/browse/DERBY-2757

Please speak up if you think that these incompatibilities will be intolerable.

Thanks,
-Rick
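
To illustrate incompatibility 2, here is an added example (not part of the original message and not Derby project code) of a user-written function that reads a system property under a security manager. The package, class, function, property name and jar path are assumptions chosen for illustration.

```java
package example;

import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical user-written function class. It could be registered with:
//   CREATE FUNCTION APP_HOME() RETURNS VARCHAR(256)
//   PARAMETER STYLE JAVA NO SQL LANGUAGE JAVA
//   EXTERNAL NAME 'example.AppFunctions.appHome'
public final class AppFunctions {

    private AppFunctions() {}

    // Before: works when no security manager is installed. With one installed,
    // System.getProperty checks PropertyPermission against every code source
    // on the call stack, so it throws SecurityException if this class or any
    // caller above it has not been granted the permission.
    public static String appHomeUnchecked() {
        return System.getProperty("app.home");
    }

    // After: doPrivileged stops the permission check at this class, so only
    // this class's code source needs the grant. Keep the privileged block as
    // small as possible and never pass caller-controlled names into it.
    public static String appHome() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return System.getProperty("app.home");
            }
        });
    }
}

// Matching least-privilege entry for the policy file in use
// (the jar location is an assumed path):
//
//   grant codeBase "file:/opt/app/lib/app-functions.jar" {
//       permission java.util.PropertyPermission "app.home", "read";
//   };
```

Granting a single named permission to the function's own jar keeps the rest of the server under the restrictive policy.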

