[jira] [Commented] (DERBY-6741) User code can get the ContextManager from an EmbedConnection

Mon, 13 Jul 2015 19:13:35 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14625693#comment-14625693
 ] 

Bryan Pendleton commented on DERBY-6741:
----------------------------------------

Perhaps:

    public  void    test_002_EmbedConnection()
        throws Exception
    {
        Connection  conn = getConnection();
        try {
            ((EmbedConnection) conn).getContextManager();
            fail( "Should have raised an AccessControlException" );
        }
        catch (AccessControlException e) { println( "Caught an 
AccessControlException" ); }
    }

should be:

    public  void    test_002_EmbedConnection()
        throws Exception
    {
        try {
            Connection  conn = getConnection();
            ((EmbedConnection) conn).getContextManager();
            fail( "Should have raised an AccessControlException" );
        }
        catch (AccessControlException e) { println( "Caught an 
AccessControlException" ); }
    }


> User code can get the ContextManager from an EmbedConnection
> ------------------------------------------------------------
>
>                 Key: DERBY-6741
>                 URL: https://issues.apache.org/jira/browse/DERBY-6741
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC, Services
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>             Fix For: 10.12.0.0
>
>         Attachments: derby-6741-01-aa-usederbyinternals.diff, derby.log, 
> error-stacktrace.out
>
>
> EmbedConnection.getContextManager() is a public method. Exposing internals 
> like the ContextManager is a security risk.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to