protecting security-sensitive operations on multi-tenant servers
Alan Bateman
Alan.Bateman at oracle.com
Sun Mar 27 14:22:46 UTC 2022
On 27/03/2022 14:45, Rick Hillegas wrote:
> From the silence, I assume that there isn't any advice I can give
> Derby users. At this time the Security Manager is the only mechanism
> for protecting an application against these threats. Users should
> ignore the deprecation diagnostics and set -Djava.security.manager=allow.
>
I think it's more that the SM was never the right solution for this type
of isolation. Also some of the "operations" that you list, creating
class loaders, de-registering JDBC drivers, ... suggest there may be
potentially malicious code in these environments too. Do you know if
these are legacy deployments or Derby users that haven't explored OS
containers to isolate applications on the same hardware?
-Alan
More information about the security-dev
mailing list