Bryan Pendleton (JIRA) wrote:
I think that the current statement of things is something like:
- getProtectionDomain is a useful call, but it requires too many permissions
under a SecurityManager, so for the purposes of SysInfo, which merely wants to
report on the actual location from which an already-loaded class was loaded, we
feel that getResource is a superior technique.
How does that sound?
I think it is really great that we are getting rid of the
getProtectionDomain permission requirement for sysinfo especially if
DERBY-1272 is implemented as I hope it will be. If DERBY-1272 is
implemented sysinfo will be used often in embedded security manager
environments and in custom class-loaders where the classpath might have
a different location than that of the jar being used.
What exactly do we lose by using getResource instead of
getProtectionDomain? Might sysinfo ever print a wrong location?
Kathey
