aruny 2004/02/12 02:04:27
Modified: java/src/org/apache/xalan/lib/sql Tag: jaxp12112003_branch
DefaultConnectionPool.java
Added: java/src/org/apache/xalan/lib/sql Tag: jaxp12112003_branch
ObjectFactory.java SecuritySupport.java
SecuritySupport12.java
Log:
ObjectFactory class exposes class loaders publicly which allow untrusted code
to access internal classes. Making following changes to fix it.
1.Duplicating the ObjectFactory, SecuritySupport.java and
SecuritySupport12.java class in order to make it package private in each of the
packages that require its services.
2.Using checkPackageAccess() to prevent access to internal packages of
jdk(sun.*).
Revision Changes Path
No revision
No revision
1.18.2.1 +1 -1
xml-xalan/java/src/org/apache/xalan/lib/sql/DefaultConnectionPool.java
Index: DefaultConnectionPool.java
===================================================================
RCS file:
/home/cvs/xml-xalan/java/src/org/apache/xalan/lib/sql/DefaultConnectionPool.java,v
retrieving revision 1.18
retrieving revision 1.18.2.1
diff -u -r1.18 -r1.18.2.1
--- DefaultConnectionPool.java 22 Oct 2003 17:35:37 -0000 1.18
+++ DefaultConnectionPool.java 12 Feb 2004 10:04:27 -0000 1.18.2.1
@@ -67,7 +67,7 @@
import org.apache.xalan.res.XSLMessages;
import org.apache.xalan.res.XSLTErrorResources;
-import org.apache.xml.utils.ObjectFactory;
+
/**
* For internal connectiones, i.e. Connection information supplies in the
No revision
Index: DefaultConnectionPool.java
===================================================================
RCS file:
/home/cvs/xml-xalan/java/src/org/apache/xalan/lib/sql/DefaultConnectionPool.java,v
retrieving revision 1.18
retrieving revision 1.18.2.1
diff -u -r1.18 -r1.18.2.1
--- DefaultConnectionPool.java 22 Oct 2003 17:35:37 -0000 1.18
+++ DefaultConnectionPool.java 12 Feb 2004 10:04:27 -0000 1.18.2.1
@@ -67,7 +67,7 @@
import org.apache.xalan.res.XSLMessages;
import org.apache.xalan.res.XSLTErrorResources;
-import org.apache.xml.utils.ObjectFactory;
+
/**
* For internal connectiones, i.e. Connection information supplies in the
No revision
Index: DefaultConnectionPool.java
===================================================================
RCS file:
/home/cvs/xml-xalan/java/src/org/apache/xalan/lib/sql/DefaultConnectionPool.java,v
retrieving revision 1.18
retrieving revision 1.18.2.1
diff -u -r1.18 -r1.18.2.1
--- DefaultConnectionPool.java 22 Oct 2003 17:35:37 -0000 1.18
+++ DefaultConnectionPool.java 12 Feb 2004 10:04:27 -0000 1.18.2.1
@@ -67,7 +67,7 @@
import org.apache.xalan.res.XSLMessages;
import org.apache.xalan.res.XSLTErrorResources;
-import org.apache.xml.utils.ObjectFactory;
+
/**
* For internal connectiones, i.e. Connection information supplies in the
1.1.2.1 +665 -0
xml-xalan/java/src/org/apache/xalan/lib/sql/Attic/ObjectFactory.java
1.1.2.1 +159 -0
xml-xalan/java/src/org/apache/xalan/lib/sql/Attic/SecuritySupport.java
1.1.2.1 +180 -0
xml-xalan/java/src/org/apache/xalan/lib/sql/Attic/SecuritySupport12.java
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
