Thanks, Alan. I don't have a lot of visibility into how Derby's security
mechanisms are deployed. We only hear from users when they have
problems--and we don't field many security-related issues. I will put
your advice into our release notes: move your application into a
container so that you
On 27/03/2022 14:45, Rick Hillegas wrote:
From the silence, I assume that there isn't any advice I can give
Derby users. At this time the Security Manager is the only mechanism
for protecting an application against these threats. Users should
ignore the deprecation diagnostics and set
From the silence, I assume that there isn't any advice I can give Derby
users. At this time the Security Manager is the only mechanism for
protecting an application against these threats. Users should ignore the
deprecation diagnostics and set -Djava.security.manager=allow.
On 3/24/22 2:27
The Apache Derby community is getting ready to vet a new release which
can be used on Java 17. Before buttoning down the release, I wanted to
check in on current best practices for defending enterprise applications
against the threats which the Java Security Manager parries. There may
be some