[
https://issues.apache.org/jira/browse/DERBY-2908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510981
]
Myrna van Lunteren commented on DERBY-2908:
-------------------------------------------
After some more thinking, I realized that even though the solution to modify
the plugins is valid, we cannot do away with the user.dir read
permissions...The change of the default would only affect new projects;
existing projects (that did not have the default modified, which I would think
are most) will still have the ',' as derby.system.home, thus causing the
security error without the user.dir read permission.
So, we'll live with the work-around of keeping the user.dir read permission in
the default policy, and we can implement the change to the plugin e.g. in
version 10.4...
At that time, it would probably be a good idea to add functionality to the
plugin to enable editing the default policy.
I'll log a new bug, and closing this one as fixed (and roll it into the release
notes).
> 10.3.1.0 / 1.1.0 Derby eclipse plugin gives security error referring to
> user.dir read permission because derby.system.home is set to '.'
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-2908
> URL: https://issues.apache.org/jira/browse/DERBY-2908
> Project: Derby
> Issue Type: Bug
> Components: Eclipse Plug-in
> Affects Versions: 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
> Environment: eclipse 3.2.1 with derby 10.3.1.0 core plugin, ui and
> doc plugin 1.1.0.
> Reporter: Myrna van Lunteren
> Attachments: derby-2908-patchDefaultPolicy-01.diff,
> DERBY-2908_plugin111.diff, DERBY-2908_plugin111.stat,
> derby_ecplipse_plugins_1.1.1_2908.zip
>
>
> The Derby nature sets by default -Dderby.system.home=. (set in
> plugins/eclipse/org.apache.derby.ui/src/org/apache/derby/ui/properties/DerbyProperties.java
> and checked in
> plugins/eclipse/org.apache.derby.ui/src/org/apache/derby/uitl/DerbyServerUtils.java)
> With the default security policy, however, such a setting for ij &
> NetworkServerControl results in a security error in ij.
> (See stack in thread:
> http://www.nabble.com/10.3.1.0b-eclipse-plugin---default-security-tf4030218.html)
> It's possible this is a bug in itself...
> One work around is to add the following permission to the default policy file:
> permission java.util.PropertyPermission "user.dir", "read";
> Another solution is to not set the derby.system.home to anything by default,
> and if it's not set to anything, not pass on -Dderby.system.home= to the
> networkserver process (specifying -Dderby.system.home= without a value fails
> to start networkserver).
> This would mean increasing the version of the plugins. To 1.1.1?
> Yet another thing would be to adjust the plugin to handle adjusting the
> security policy...
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
