sis-commits mailing list archives

From "Martin Desruisseaux (JIRA)" <>
Subject [jira] [Created] (SIS-320) Enable SIS to run in security-constrained environments
Date Thu, 10 Mar 2016 14:56:40 GMT
Martin Desruisseaux created SIS-320:

             Summary: Enable SIS to run in security-constrained environments
                 Key: SIS-320
             Project: Spatial Information Systems
          Issue Type: Improvement
          Components: Metadata, Referencing, Storage, Utilities
    Affects Versions: 0.6, 0.5, 0.4, 0.3
            Reporter: Martin Desruisseaux
            Assignee: Martin Desruisseaux
             Fix For: 0.7

Wrap the code that SIS needs in order to work in {{AccessController.doPrivileged(...)}} blocks, for example:

{code:java}
// Read the SIS_DATA environment variable under SIS's own permissions rather than the caller's.
String dir = AccessController.doPrivileged((PrivilegedAction<String>) () -> {
    return System.getenv("SIS_DATA");
});
{code}

We should not wrap every security-sensitive request for information, only those that SIS
needs in order to work. Examples:

* Environment variable value for {{SIS_DATA}}.
* Property value for {{"java.naming.factory.initial"}}, {{"derby.system.home"}}.
* Call to {{Field.setAccessible(true)}} in {{clone()}} methods for setting final fields.
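As an added illustration (not SIS code), the hypothetical helper below shows the three wrapped lookups listed above, with each privileged block limited to one fixed operation so that nothing reachable from caller input decides what runs with elevated permissions; the class name, the {{fallback}} parameter and the helper methods are assumptions.

```java
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/** Hypothetical helper, not part of SIS: narrow privileged lookups. */
final class PrivilegedLookups {
    private PrivilegedLookups() {}

    /** Only these fixed names are ever read under privilege, never a caller-supplied one. */
    private static final String SIS_DATA   = "SIS_DATA";
    private static final String DERBY_HOME = "derby.system.home";

    /** Value of the SIS_DATA environment variable, or null if it is unset. */
    static String sisDataDirectory() {
        // The lambda runs with this class's own permissions: callers further down the
        // stack no longer need RuntimePermission("getenv.SIS_DATA") themselves.
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getenv(SIS_DATA));
    }

    /** Value of derby.system.home, or the given fallback (an assumed parameter) if unset. */
    static String derbySystemHome(String fallback) {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(DERBY_HOME, fallback));
    }

    /**
     * Assigns a final field of the object produced by clone(). The caller resolves the
     * Field in its own class beforehand, so only the setAccessible/set step is privileged.
     */
    static void setFinalField(Object target, Field field, Object value)
            throws IllegalAccessException {
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                field.setAccessible(true);   // needs ReflectPermission("suppressAccessChecks")
                field.set(target, value);
                return null;
            });
        } catch (PrivilegedActionException e) {
            // Checked exceptions thrown inside the block arrive wrapped; unwrap the expected one.
            Exception cause = e.getException();
            if (cause instanceof IllegalAccessException) throw (IllegalAccessException) cause;
            throw new IllegalStateException(cause);
        }
    }
}
```

{{AccessController}} and the {{SecurityManager}} are deprecated for removal since Java 17, so this pattern only has an effect on runtimes that still run with a security manager installed.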

Information for which we do *not* request privileged actions at this time:

* MBean registration.
* Property value for {{"java.home"}}.
* Call to {{Field.setAccessible(true)}} on deserialization for setting final transient fields.
