protecting security-sensitive operations on multi-tenant servers
Rick Hillegas
rick.hillegas at gmail.com
Sun Mar 27 17:51:47 UTC 2022
Thanks, Alan. I don't have a lot of visibility into how Derby's security
mechanisms are deployed. We only hear from users when they have
problems--and we don't field many security-related issues. I will put
your advice into our release notes: move your application into a
container so that you will be protected when the Security Manager is
removed.
Thanks,
-Rick
On 3/27/22 7:22 AM, Alan Bateman wrote:
>
>
> On 27/03/2022 14:45, Rick Hillegas wrote:
>> From the silence, I assume that there isn't any advice I can give
>> Derby users. At this time the Security Manager is the only mechanism
>> for protecting an application against these threats. Users should
>> ignore the deprecation diagnostics and set
>> -Djava.security.manager=allow.
>>
> I think it's more that the SM was never the right solution for this
> type of isolation. Also some of the "operations" that you list,
> creating class loaders, de-registering JDBC drivers, ... suggest there
> may be potentially malicious code in these environments too. Do you
> know if these are legacy deployments or Derby users that haven't
> explored OS containers to isolate applications on the same hardware?
>
> -Alan
More information about the security-dev
mailing list