protecting security-sensitive operations on multi-tenant servers
Rick Hillegas
rick.hillegas at gmail.com
Thu Mar 24 21:27:25 UTC 2022

The Apache Derby community is getting ready to vet a new release which
can be used on Java 17. Before buttoning down the release, I wanted to
check in on current best practices for defending enterprise applications
against the threats which the Java Security Manager parries. There may
be some work we could do to better prepare our users for a future
without a Security Manager.

In particular, what are current best Java practices for protecting a
multi-tenant server against abuse of the following security-sensitive
operations:
o Reading and setting of system properties.
o Creation of class loaders.
o File access.
o Network access.
o De-registration of JDBC drivers.

Thanks,
-Rick

More information about the security-dev mailing list