Rick Hillegas created DERBY-6630:
------------------------------------
Summary: Applications can use JCECipherFactory to elevate their
privileges to those granted to Derby
Key: DERBY-6630
URL: https://issues.apache.org/jira/browse/DERBY-6630
Project: Derby
Issue Type: Bug
Components: Services
Affects Versions: 10.11.0.0
Reporter: Rick Hillegas

JCECipherFactory.run() performs security-sensitive operations. It is executed
in a privilege block by the init() method, which is, in turn, executed by the
public constructor. The class and its corresponding factory are public, which
means that any code running in the same JVM can run this security-sensitive
code with the privileges granted to Derby.
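
The pattern the report describes, next to one common hardening, as an added example that is not Derby's code and not necessarily the fix Derby adopted. The class names, the `exampleUseFactory` permission and the property read standing in for the sensitive work are assumptions, and the code assumes a Java release that still ships `SecurityManager` and `AccessController`.

```java
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;

public class PrivilegedBlockDemo {

    // Shape described in the report: public class, public constructor, and the
    // constructor's init() runs the object's own run() inside doPrivileged().
    public static class LeakyFactory implements PrivilegedAction<String> {
        private String value;

        public LeakyFactory() { init(); }

        private void init() {
            // Stack inspection stops at this frame, so only the library's
            // protection domain is checked, never the caller's.
            value = AccessController.doPrivileged(this);
        }

        // Stand-in for the security-sensitive work (constructed for this example).
        public String run() { return System.getProperty("user.home"); }

        public String value() { return value; }
    }

    // Hardened shape: check the caller first, keep the action private.
    public static final class GuardedFactory {
        // Hypothetical permission name, granted only to trusted callers.
        private static final Permission USE = new RuntimePermission("exampleUseFactory");
        private final String value;

        public GuardedFactory() {
            SecurityManager sm = System.getSecurityManager();
            // Evaluated against the whole call stack, including the caller,
            // before any privilege is asserted.
            if (sm != null) sm.checkPermission(USE);
            value = AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() { return System.getProperty("user.home"); }
            });
        }

        public String value() { return value; }
    }

    public static void main(String[] args) {
        System.out.println(new LeakyFactory().value());
        System.out.println(new GuardedFactory().value());
    }
}
```

With a security manager installed and the property permission granted only to the library's code source, `LeakyFactory` succeeds for any caller, while `GuardedFactory` throws a `SecurityException` unless every frame on the stack, the caller included, holds the `exampleUseFactory` permission.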