From: | "Renato" <webmaster(at)cienciapura(dot)com(dot)br> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | JDBC and security |
Date: | 2001-06-28 22:03:58 |
Message-ID: | 20010628220358.30266.qmail@hm32.locaweb.com.br |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Hi all,
I'm installing a secure shared web hosting server for JSP and Servlets and
I have the following problem. Trying to connect to Postgres I receive the
following message:
java.lang.ExceptionInInitializerError:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission shutdownHooks)
Looking at the source code, I see that Postgres driver make a call to
Runtime.getRuntime().addShutdownHook(new Thread(this)). By doing this I
have to include in my java.policy a line to give permission to the driver
to invoke the 'addShutdownHook' method. Looking at Sun's documentation at
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html, they
strongly recommend to NOT give this permission:
shutdownHooks - Registration and cancellation of virtual-machine shutdown
hooks - This allows an attacker to register a malicious shutdown hook that
interferes with the clean shutdown of the virtual machine.
Well, I do not want to give this permission. What should I do ? Is there
another postgres JDBC driver I should use ? Is it possible to recompile the
driver without the line that registers the hook ?
Any advices are greatly appreciated.
Thanks in advance
Renato - Brazil.
From | Date | Subject | |
---|---|---|---|
Next Message | vasudeva | 2001-06-29 01:41:41 | Problem in Remote PostgreSQL connection. |
Previous Message | Tony Grant | 2001-06-28 07:18:08 | Re: Connection Pooling? |