[
https://issues.apache.org/jira/browse/SIS-320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Desruisseaux closed SIS-320.
-----------------------------------
Resolution: Won't Fix
> Enable SIS to run is security-constrained environments
> ------------------------------------------------------
>
> Key: SIS-320
> URL: https://issues.apache.org/jira/browse/SIS-320
> Project: Spatial Information Systems
> Issue Type: Improvement
> Components: Metadata, Referencing, Storage, Utilities
> Reporter: Martin Desruisseaux
> Assignee: Martin Desruisseaux
> Priority: Major
> Labels: Jigsaw
> Fix For: 1.2
>
>
> Wraps some code necessary to SIS working in
> {{AccessController.doPrivileged(...)}} blocks. Examples:
> {code:java}
> String dir = AccessController.doPrivileged((PrivilegedAction<String>) () -> {
> return System.getenv("SIS_DATA");
> });
> {code}
> We should not wrap all security-sensitive request for information, but only
> those that are needed for SIS working. Examples:
> * Environment variable value for {{SIS_DATA}}.
> * Property value for {{"java.naming.factory.initial"}},
> {{"derby.system.home"}}.
> * Call to {{Field.setAccessible(true)}} in {{clone()}} methods for setting
> final fields.
> Information for which we do *not* request privileged actions at this time:
> * MBean registration.
> * Property value for {{"java.home"}}.
> * Call to {{Field.setAccessible(true)}} on deserialization for setting final
> transient fields.
> Initial patch for SIS has been submitted by Guilhem Légal.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
