Mike Matrigali wrote: > In the continuing discussion about how to fix DERBY-700, the > current most likely solution is to require one or more new > internally set system properties. > > Basically there is a need to somehow in a single JVM to share > information from 2 classloaders, such that we can answer the > question of whether database X is currently opened by a > classloader in the current JVM. The proposal is to use the > java system property mechanism as the shared information point. > > Is this ok use of system properties, with respect to the > on-going security work? > > >From an existing user perspective:
Our documentation says the following permission is mandatory: permission java.util.PropertyPermission "derby.*", read http://publib.boulder.ibm.com/infocenter/cscv/v10r1/topic/com.ibm.cloudscape.doc/cdevbabejgjd.html If we need to add "write" it would be good if existing policy files still worked in the old capacity, preventing dual boot from separate JVMS but not from dual classloaders and putting a warning in the log that the permissions need to be changed to prevent dual boot of the database. Kathey
