[
https://issues.apache.org/jira/browse/DERBY-4978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12986441#action_12986441
]
Kim Haase commented on DERBY-4978:
----------------------------------
Thanks, Rick. I'll get in touch with Lance, but there's no rush.
In the meantime, would it be a decent start to say something like this in the
"Granting permissions to Derby"
(http://db.apache.org/derby/docs/dev/devguide/cdevbabejgjd.html) topic of the
dev guide?
permission java.sql.SQLPermission "callAbort";
Allows Derby code to call the java.sql.Connection.abort method, if this
permission is granted to derby.jar and derbyclient.jar. An application
developer should take care to grant this permission only to Derby and to tools
used by superusers.
I am not sure what the "grant codebase" part of the policy would look like --
this and what else? (I'm not sure it needs to be in the topic, but none of the
example security policies show a grant to more than one file, so I am wondering
if this is legal:
grant codeBase "file://f:/derby/lib/derby.jar",
"file://f:/derby/lib/derbyclient.jar" ...?
I think it would be possible to do it like this -- this would grant it to all
the jar file in the library, though -- would that be wrong?
grant codeBase "file:${derby.system.home}/lib/-" ... ?
> Document the new SQLPermission required by the JDBC 4.1
> Connection.abort(Executor) method
> -----------------------------------------------------------------------------------------
>
> Key: DERBY-4978
> URL: https://issues.apache.org/jira/browse/DERBY-4978
> Project: Derby
> Issue Type: Task
> Components: Documentation, JDBC
> Affects Versions: 10.8.0.0
> Reporter: Rick Hillegas
> Assignee: Kim Haase
>
> We need to add material to the Reference and Developer's Guides as described
> in the 2011-01-14 comment on DERBY-4869.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
