[
https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13095596#comment-13095596
]
Kathy Saunders commented on DERBY-5363:
---------------------------------------
I just wanted to comment on this issue as I have worked with Derby for a long
time and have also worked in a support capacity with customers who use Derby.
I think that Kathey said it well--the embedded solution was originally designed
to be zero admin, and not secure by default (to keep administration to a
mimimum). Many people who use embedded Derby protect it at other levels within
their solutions. I have seen many uses of embedded Derby that would break if
the permissions of the DB files change. From a support perspective, changing
the default behavior generally causes confusion. I would expect that a change
like this would generate issues when people upgrade, as they may not have read
the documentation that talks about the new behavior. My vote would be to leave
the default permissions as is in the embedded case.
> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
> Key: DERBY-5363
> URL: https://issues.apache.org/jira/browse/DERBY-5363
> Project: Derby
> Issue Type: Improvement
> Components: Miscellaneous, Services, Store
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Attachments: derby-5363-basic-1.diff, derby-5363-basic-1.stat,
> derby-5363-basic-2.diff, derby-5363-basic-2.stat, permission-5.diff,
> permission-5.stat, permission-6.diff, permission-6.stat, property-table.png,
> z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allows tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
