Thread: JDBC and security

JDBC and security

From
"Renato"
Date:
Hi all,

I'm installing a secure shared web hosting server for JSP and Servlets and
I have the following problem. Trying to connect to Postgres I receive the
following message:

java.lang.ExceptionInInitializerError:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission shutdownHooks)

Looking at the source code, I see that the Postgres driver makes a call to
Runtime.getRuntime().addShutdownHook(new Thread(this)). By doing this I
have to include in my java.policy a line to give permission to the driver
to invoke the 'addShutdownHook' method. Looking at Sun's documentation at
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html, they
strongly recommend to NOT give this permission:

shutdownHooks - Registration and cancellation of virtual-machine shutdown
hooks - This allows an attacker to register a malicious shutdown hook that
interferes with the clean shutdown of the virtual machine.

Well, I do not want to give this permission. What should I do? Is there
another postgres JDBC driver I should use? Is it possible to recompile the
driver without the line that registers the hook?

Any advice is greatly appreciated.

Thanks in advance
Renato - Brazil.


Re: JDBC and security

From
Barry Lind
Date:
Since this is the second report of problems with this 'feature' I
decided to look into this some more.  This code isn't even doing
anything.  The shutdownhook gets registered, but it doesn't do anything.

You can safely comment out the ShutdownHook registration and rebuild.
You can also build with a 1.2 JDK which builds without this feature.

I will submit a patch that removes this 'feature'.  I will do this because:

1) It isn't implemented anyway (the necessary changes to Connection
were never done).
2) It has the problem reported here and previously with running under a
security manager
3) I don't feel there is any real benefit to the functionality provided
4) This is the only reason there is a separate jar file created for 1.3
JDKs.  I think the fewer different jar files we have the better.  It is
too confusing to have too many different code bases.  There are
currently different builds for 1.1, 1.2, 1.3 and 1.2enterprise JDKs.
The 1.1 and 1.2 are necessary because the JDBC spec changed
significantly between those two releases (i.e. jdbc1 vs jdbc2).

thanks,
--Barry


Renato wrote:

> Hi all,
>
> I'm installing a secure shared web hosting server for JSP and Servlets and
> I have the following problem. Trying to connect to Postgres I receive the
> following message:
>
> java.lang.ExceptionInInitializerError:
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission shutdownHooks)
>
> Looking at the source code, I see that the Postgres driver makes a call to
> Runtime.getRuntime().addShutdownHook(new Thread(this)). By doing this I
> have to include in my java.policy a line to give permission to the driver
> to invoke the 'addShutdownHook' method. Looking at Sun's documentation at
> http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html, they
> strongly recommend to NOT give this permission:
>
> shutdownHooks - Registration and cancellation of virtual-machine shutdown
> hooks - This allows an attacker to register a malicious shutdown hook that
> interferes with the clean shutdown of the virtual machine.
>
> Well, I do not want to give this permission. What should I do? Is there
> another postgres JDBC driver I should use? Is it possible to recompile the
> driver without the line that registers the hook?
>
> Any advice is greatly appreciated.
>
> Thanks in advance
> Renato - Brazil.
>
>
>
>
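
Added example (not part of the original thread and not the PostgreSQL driver's code): the failure above surfaces as an ExceptionInInitializerError because the denied addShutdownHook call happened during class initialization. A library can treat the hook as optional by catching the SecurityException. The class name, method names and the simulated sandbox registrar are assumptions made for this illustration.

```java
import java.util.function.Consumer;

/** Added illustration; names are hypothetical, not PostgreSQL driver code. */
public class OptionalShutdownHook {

    /**
     * Tries to register a cleanup hook. Returns false instead of throwing when
     * the security policy denies RuntimePermission "shutdownHooks", so a static
     * initializer calling this cannot fail with ExceptionInInitializerError.
     */
    static boolean tryRegister(Consumer<Thread> registrar, Runnable cleanup) {
        try {
            registrar.accept(new Thread(cleanup, "driver-cleanup"));
            return true;
        } catch (SecurityException denied) {
            // AccessControlException is a SecurityException: treat the hook as
            // optional and continue without it rather than aborting class init.
            return false;
        }
    }

    // What a driver-like static initializer would do against the real JVM.
    static final boolean HOOK_ACTIVE =
        tryRegister(Runtime.getRuntime()::addShutdownHook,
                    () -> { /* release driver resources here */ });

    public static void main(String[] args) {
        // Constructed stand-in for a sandbox whose policy lacks the permission.
        Consumer<Thread> sandboxed = t -> {
            throw new SecurityException(
                "access denied (java.lang.RuntimePermission shutdownHooks)");
        };
        System.out.println("real JVM, hook registered: " + HOOK_ACTIVE);
        System.out.println("sandboxed, hook registered: "
            + tryRegister(sandboxed, () -> { }));
    }
}
```

With this pattern the class still loads in a hosting environment whose java.policy does not grant shutdownHooks, and the operator does not have to widen the policy just to load a driver.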



Re: Re: JDBC and security

From
Bruce Momjian
Date:
> Since this is the second report of problems with this 'feature' I
> decided to look into this some more.  This code isn't even doing
> anything.  The shutdownhook gets registered, but it doesn't do anything.
>
> You can safely comment out the ShutdownHook registration and rebuild.
> You can also build with a 1.2 JDK which builds without this feature.
>
> I will submit a patch that removes this 'feature'.  I will do this because:
>
> 1) It isn't implemented anyway (the necessary changes to Connection
> were never done).
> 2) It has the problem reported here and previously with running under a
> security manager
> 3) I don't feel there is any real benefit to the functionality provided
> 4) This is the only reason there is a separate jar file created for 1.3
> JDKs.  I think the fewer different jar files we have the better.  It is
> too confusing to have too many different code bases.  There are
> currently different builds for 1.1, 1.2, 1.3 and 1.2enterprise JDKs.
> The 1.1 and 1.2 are necessary because the JDBC spec changed
> significantly between those two releases (i.e. jdbc1 vs jdbc2).

Agreed.  If we really need it we can add it later.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026