| From: | "Renato" <webmaster(at)cienciapura(dot)com(dot)br> |
|---|---|
| To: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | JDBC and security |
| Date: | 2001-06-28 22:03:58 |
| Message-ID: | 20010628220358.30266.qmail@hm32.locaweb.com.br |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Hi all,
I'm installing a secure shared web hosting server for JSP and Servlets and
I have the following problem. Trying to connect to Postgres I receive the
following message:
java.lang.ExceptionInInitializerError:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission shutdownHooks)
Looking at the source code, I see that Postgres driver make a call to
Runtime.getRuntime().addShutdownHook(new Thread(this)). By doing this I
have to include in my java.policy a line to give permission to the driver
to invoke the 'addShutdownHook' method. Looking at Sun's documentation at
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html, they
strongly recommend to NOT give this permission:
shutdownHooks - Registration and cancellation of virtual-machine shutdown
hooks - This allows an attacker to register a malicious shutdown hook that
interferes with the clean shutdown of the virtual machine.
Well, I do not want to give this permission. What should I do ? Is there
another postgres JDBC driver I should use ? Is it possible to recompile the
driver without the line that registers the hook ?
Any advices are greatly appreciated.
Thanks in advance
Renato - Brazil.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | vasudeva | 2001-06-29 01:41:41 | Problem in Remote PostgreSQL connection. |
| Previous Message | Tony Grant | 2001-06-28 07:18:08 | Re: Connection Pooling? |