will be protected when the Security Manager is
removed.
Thanks,
-Rick
On 3/27/22 7:22 AM, Alan Bateman wrote:
On 27/03/2022 14:45, Rick Hillegas wrote:
From the silence, I assume that there isn't any advice I can give
Derby users. At this time the Security Manager is the only mechanism
, Rick Hillegas wrote:
The Apache Derby community is getting ready to vet a new release which
can be used on Java 17. Before buttoning down the release, I wanted to
check in on current best practices for defending enterprise
applications against the threats which the Java Security Manager
The Apache Derby community is getting ready to vet a new release which
can be used on Java 17. Before buttoning down the release, I wanted to
check in on current best practices for defending enterprise applications
against the threats which the Java Security Manager parries. There may
be some
opinion.
On 11/18/21 11:21 AM, Sean Mullan wrote:
On 11/18/21 1:22 PM, Rick Hillegas wrote:
Here's the output I get when I run that program against 18-ea+23-1525
WITHOUT setting java.security.manager on the boot command line:
Exception in thread "main" java.lang.UnsupportedOperatio
Re-sending from the account linked to my security-dev subscription
Forwarded Message
Build 18-ea+23-1525 has introduced another hurdle for applications which
use the SecurityManager. In order to install a SecurityManager, you now
have to set -Djava.security.manager=allow
://bernd.eckenfels.net
Von: security-dev im Auftrag von Rick Hillegas
Gesendet: Wednesday, November 3, 2021 6:07:00 PM
An: Sean Mullan ; security-dev@openjdk.java.net
Betreff: Re: previously prevented exploit now possible with JDK 18
Thanks for your detailed comments
s/jar/jar.html#signed-jar-file
On 10/28/21 3:14 PM, Rick Hillegas wrote:
As a canary in the mineshaft, I built and tested Apache Derby with the
recent build 18-ea+20-1248 of Open JDK 18. I tripped across the
following issue when running Derby's regression tests. The problem is
exp
On 10/29/21 4:58 AM, Alan Bateman wrote:
On 28/10/2021 20:14, Rick Hillegas wrote:
As a canary in the mineshaft, I built and tested Apache Derby with
the recent build 18-ea+20-1248 of Open JDK 18. I tripped across the
following issue when running Derby's regression tests. The problem
As a canary in the mineshaft, I built and tested Apache Derby with the
recent build 18-ea+20-1248 of Open JDK 18. I tripped across the
following issue when running Derby's regression tests. The problem is
explained in more detail at
https://issues.apache.org/jira/browse/DERBY-7126, where a
On 6/17/21 4:56 AM, Alan Bateman wrote:
On 17/06/2021 00:30, Rick Hillegas wrote:
Thanks for that advice, Alan. I have rototilled
@SuppressWarnings("removal") annotations across the Derby codebase
and thrown more memory at javadoc so that it won't crash on JDK 11.
When I run De
actionable information.
On 6/15/21 8:56 AM, Alan Bateman wrote:
On 15/06/2021 15:10, Rick Hillegas wrote:
:
When I tried to build Derby with the Rampdown Phase One build of open
JDK 17 (17-ea+26-2439), I saw many warnings related to the
deprecation of Security Manager classes and methods, u
Thanks, Peter. Derby supports a couple authorization mechanisms, the
most important one being the role-based SQL Standard GRANT/REVOKE
commands (see
https://db.apache.org/derby/docs/10.15/security/csecauthorization.html).
I'm afraid that my old eyes didn't see a link to your authorization
Resending this message from the account associated with my security-dev
subscription, in the hope that this will bypass moderation:
Rory O'Donnell recommended that I bring this issue to the security
developers' mailing list. I work on Apache Derby. Derby is one of the
applications which
13 matches
Mail list logo