On 5/5/06, Kathey Marsden <[EMAIL PROTECTED]> wrote:
I think it is really great that we are getting rid of the getProtectionDomain permission requirement for sysinfo especially if DERBY-1272 is implemented as I hope it will be. If DERBY-1272 is implemented sysinfo will be used often in embedded security manager environments and in custom class-loaders where the classpath might have a different location than that of the jar being used. What exactly do we lose by using getResource instead of getProtectionDomain? Might sysinfo ever print a wrong location?
I responded to Kathey on IRC, but I wanted to make sure this was posted to the list. I don't think we lost anything by not using getProtectionDomain, since in order to get the Class object to pass into getProtectionDomain, we would essentially need the same permissions as we need for getResource. So if we didn't have the permission for getResource, we wouldn't have the class object to call the code we had been using that contained getProtectionDomain. I certainly don't think that in either case a wrong location would appear. You might not get all the output you are expecting though if it turns out that sysinfo in a different classloader context than where your other derby jars are loaded. And speaking of that, I agree it would be nice if 1272 were implemented. andrew
