1) Try to code access privileges in the routines themselves, that is, separately from the Java security manager. Basically, disallow access to Derby files by adding code logic to determine whether the files being read/written are Derby files.
Instead of trying to write this "negative" logic, figuring out what files *oughtn't* to be written to, perhaps it would be easier to specify things the other way, and change import/export so that they are only capable of reading from/writing to a new, well-known location, which is certain not to contain any other files of importance.
That is, for each database, we define a new "import/export scratch space", whose location defaults to something reasonable but can be configured on a database-by-database basis if necessary, and import only ever looks for files in that directory, and export only ever writes files to that directory.

thanks,
bryan
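The "positive" confinement described above, as an added example that is not Derby code and not from this thread: a hypothetical `ScratchSpace` helper that resolves a caller-supplied import/export file name against a configured scratch directory and refuses anything that escapes it. The class and method names, the directory layout and the file names used in `main` are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Hypothetical confinement check for an import/export "scratch space"
 * (added example, not Derby code). The scratch directory is the only
 * location the import/export routines may read from or write to, so the
 * check is an allowlist of one directory rather than a denylist of
 * database files.
 */
public class ScratchSpace {
    private final Path root;

    public ScratchSpace(Path scratchDir) throws IOException {
        // Canonicalise once so later comparisons are against the real location
        // (e.g. a temp dir that is itself reached through a symlink).
        this.root = scratchDir.toRealPath();
    }

    /**
     * Returns the resolved path if fileName names a file inside the scratch
     * space, otherwise throws. Rejects absolute paths, ".." segments that
     * climb out of the directory, the directory itself, and symlinks whose
     * target lies outside the directory.
     */
    public Path resolve(String fileName) throws IOException {
        Path requested = Paths.get(fileName);
        if (requested.isAbsolute()) {
            throw new IOException("absolute paths are not allowed: " + fileName);
        }
        // normalize() folds "a/../b" segments before the prefix test; Path.startsWith
        // compares whole path elements, so "/tmp/scratch2" does not match "/tmp/scratch".
        Path candidate = root.resolve(requested).normalize();
        if (candidate.equals(root) || !candidate.startsWith(root)) {
            throw new IOException("path escapes scratch space: " + fileName);
        }
        if (Files.exists(candidate)) {
            // Import case: the file exists, so follow symlinks and re-check, otherwise
            // a link placed in the scratch dir could point at a database file.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root)) {
                throw new IOException("symlink escapes scratch space: " + fileName);
            }
            return real;
        }
        // Export case: the file does not exist yet, so check the directory it would
        // be created in. Subdirectories are not created on the caller's behalf.
        Path parent = candidate.getParent();
        if (parent == null || !Files.isDirectory(parent)) {
            throw new IOException("target directory does not exist: " + fileName);
        }
        if (!parent.toRealPath().startsWith(root)) {
            throw new IOException("target directory escapes scratch space: " + fileName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("derby-scratch");
        // Constructed sample input: one existing file to import.
        Files.write(dir.resolve("customers.dat"), "1,alice\n".getBytes("UTF-8"));
        ScratchSpace scratch = new ScratchSpace(dir);
        String[] names = {
            "customers.dat",          // existing file, allowed (import)
            "new-export.dat",         // new file in the scratch dir, allowed (export)
            "../../seg0/c10.dat",     // constructed traversal attempt, rejected
            "/etc/passwd",            // absolute path, rejected
            ""                        // the scratch dir itself, rejected
        };
        for (String n : names) {
            try {
                System.out.println("allowed:  " + scratch.resolve(n));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The check does not replace the security manager; it narrows what the routines can be asked to touch before any file permission is consulted, which is the point of the scratch-space design. Resolving symlinks separately for existing and not-yet-existing files matters: for an export target the file cannot be canonicalised, so the parent directory is canonicalised instead.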
