[jira] Commented: (DERBY-2206) Provide complete security model for Java routines

Fri, 19 Jan 2007 09:24:51 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466107
 ] 

Daniel John Debrunner commented on DERBY-2206:
----------------------------------------------

SYS.JRE - Right, I was thinking about that this morning and it ities into the 
other thread about bootclasspath and the ability to tell if a class is on the 
bootclasspath. I think SYS.JRE really means any class on the boot class path, 
but currently the decision needs to be made before the class is loaded. That is 
decide to load from the jar classloader or delegate elsewhere. A possible 
alternative is to load any class using the default mechamism and then decide if 
it belongs to the JRE or not and make decisions off that.

One more factor is seeing if the statement below has been extended to all 
classes defined in J2SE or continues to be just the java.* classes:

"First, the ClassLoader will not attempt to load any classes in java.* packages 
from over the network. "

http://java.sun.com/developer/onlineTraining/Security/Fundamentals/Security.html

Possibly if the statement above continues to be true (limited to java.*) and 
this is sufficient for security of the JVM then it's sufficient for Derby and 
SYS.JRE could just mean the java.* classes. 


> Provide complete security model for Java routines
> -------------------------------------------------
>
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>             Fix For: 10.3.0.0
>
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for 
> user-created objects such as Functions and Procedures. In the future this may 
> include Aggregates and Function Tables also. The issues are summarized on the 
> following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity. 
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This 
> is a master JIRA to which subtasks can be linked.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to