Disallow user-defined SQL routines to resolve to entry points (methods in 
classes) in the org.apache.derby.* namespace
----------------------------------------------------------------------------------------------------------------------

                 Key: DERBY-2330
                 URL: https://issues.apache.org/jira/browse/DERBY-2330
             Project: Derby
          Issue Type: Improvement
          Components: Security, SQL
            Reporter: Daniel John Debrunner
         Assigned To: Daniel John Debrunner
             Fix For: 10.3.0.0


Disallowing routines from accessing Derby code directly stops the potential of 
remote code exploiting any security holes in Derby.

Derby code can be seen as a special case since it is known that the Derby code 
will be on the classpath.

Disallowing such routines makes security analysis easier and safer rather than 
trying to guarantee every public static method in Derby cannot expose secured 
information.

Routines in existing applications (in upgraded databases) that map to such 
Derby methods will fail at execute time.

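An audit query for the upgrade impact described above, as an added example that is not part of the original issue or of Derby's own code: it lists user-defined routines whose Java class lies in the org.apache.derby.* namespace, so they can be found before they fail at execute time. It assumes the SYS.SYSALIASES and SYS.SYSSCHEMAS system catalogs and that routines shipped by Derby itself live in the schemas named in the filter; the class and method in the trailing comment are hypothetical placeholders.

```sql
-- List routines (ALIASTYPE 'F' = function, 'P' = procedure) whose
-- EXTERNAL NAME resolves to a class in the org.apache.derby.* namespace.
-- The trailing dot in the pattern keeps look-alike packages such as
-- org.apache.derbyfoo out of the result.
SELECT s.SCHEMANAME,
       a.ALIAS AS ROUTINE_NAME,
       a.ALIASTYPE,
       a.JAVACLASSNAME
FROM   SYS.SYSALIASES a
JOIN   SYS.SYSSCHEMAS s ON s.SCHEMAID = a.SCHEMAID
WHERE  a.ALIASTYPE IN ('F', 'P')
  -- JAVACLASSNAME is a LONG VARCHAR column; cast it before matching.
  AND  CAST(a.JAVACLASSNAME AS VARCHAR(512)) LIKE 'org.apache.derby.%'
  -- Assumption: Derby's own system routines live in these schemas.
  AND  s.SCHEMANAME NOT IN
       ('SYSCS_UTIL', 'SYSCS_DIAG', 'SYSIBM', 'SYSFUN', 'SQLJ')
ORDER BY s.SCHEMANAME, a.ALIAS;

-- Shape of a definition the query would report. The class and method
-- names are hypothetical placeholders, not real Derby entry points.
-- CREATE FUNCTION APP.EXAMPLE_FN() RETURNS INTEGER
--   LANGUAGE JAVA PARAMETER STYLE JAVA NO SQL
--   EXTERNAL NAME 'org.apache.derby.hypothetical.Internal.someStaticMethod';
```

Any row returned is a routine to repoint at application code before moving the database to a release that carries this change.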