protecting security-sensitive operations on multi-tenant servers

Rick Hillegas rick.hillegas at gmail.com
Sun Mar 27 17:51:47 UTC 2022


Thanks, Alan. I don't have a lot of visibility into how Derby's security 
mechanisms are deployed. We only hear from users when they have 
problems--and we don't field many security-related issues. I will put 
your advice into our release notes: move your application into a 
container so that you will be protected when the Security Manager is 
removed.

Thanks,
-Rick

On 3/27/22 7:22 AM, Alan Bateman wrote:
>
> On 27/03/2022 14:45, Rick Hillegas wrote:
>> From the silence, I assume that there isn't any advice I can give 
>> Derby users. At this time the Security Manager is the only mechanism 
>> for protecting an application against these threats. Users should 
>> ignore the deprecation diagnostics and set 
>> -Djava.security.manager=allow.
>>
> I think it's more that the SM was never the right solution for this 
> type of isolation. Also some of the "operations" that you list, 
> creating class loaders, de-registering JDBC drivers, ... suggest there 
> may be potentially malicious code in these environments too. Do you 
> know if these are legacy deployments or Derby users that haven't 
> explored OS containers to isolate applications on the same hardware?
>
> -Alan

More information about the security-dev mailing list