Kristian Waagan wrote:
Hi Daniel,
Have you considered using symbolic links?
(btw, something to check out here is how Java security interacts with
symlinks)
It seems to canonicalise the path excessively, so it would probably do
the right thing and make sure you have permission to both locations. I
have noticed Java even checks this even if you have a FilePermission for
all files. :rollseyes:
On UNIX this would have been a fairly sensible option... Windows does
have symlinks now, but not *every* version of the OS we support. On a
related note I have noticed Java has issues with my second hard disk
which is mounted at C:\Data, so it may not be great for symlinks either.
Regarding disallowing access for selected databases, is using the access
rights mechanisms provided by the OS/file system an option?
I do realize there are limitations and challenges with the approach(es)...
Using the filesystem for access control works but puts the burden on the
sysadmin to get it right (and it's something which is hard to check from
Java land, "are the permissions on this entire hard disk correct?"
Hiding the entire thing behind a REST or similar API would be another
solution to the problem, but it's a pretty steep hill. I just thought I
would throw the question out there because a simple API which takes a
path and returns a path would have been an elegant solution, even if it
were buried deep in the server code.
Daniel
--
Daniel Noll Forensic and eDiscovery Software
Senior Developer The world's most advanced
Nuix email data analysis
http://nuix.com/ and eDiscovery software
