Re: JDBC and security

[Barry Lind <barry(at)xythos(dot)com>]

Since this is the second report of problems with this 'feature' I 
decided to look into this some more.  This code isn't even doing 
anything.  The shutdownhook gets registered, but it doesn't do anything.

You can safely comment out the ShutdownHook registration and rebuild. 
You can also build with a 1.2 JDK which builds without this feature.

I will submit a patch that removes this 'feature'.  I will do this because:

1) It isn't implemented anyway (the necessary changes to Connection 
where never done).
2) It has the problem reported here and previously with running under a 
security manager
3) I don't feel there is any real benefit to the functionality provided
4) This is the only reason there is a separate jar file created for 1.3 
JDKs.  I think the fewer different jar files we have the better.  It is 
too confusing to have too many different code bases.  There are 
currently different builds for 1.1, 1.2, 1.3 and 1.2enterprise JDKs. 
The 1.1 and 1.2 are necessary because the JDBC spec changed 
significantly between those two releases (i.e. jdbc1 vs jdbc2).

thanks,
--Barry


Renato wrote:

> Hi all,
>
> I'm installing a secure shared web hosting server for JSP and Servlets and 
> I have the following problem. Trying to connect to Postgres I receive the 
> following message:
>
> java.lang.ExceptionInInitializerError: 
> java.security.AccessControlException: access denied 
> (java.lang.RuntimePermission shutdownHooks)
>
> Looking at the source code, I see that Postgres driver make a call to 
> Runtime.getRuntime().addShutdownHook(new Thread(this)). By doing this I 
> have to include in my java.policy a line to give permission to the driver 
> to invoke the 'addShutdownHook' method. Looking at Sun's documentation at 
> http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html, they 
> strongly recommend to NOT give this permission:
>
> shutdownHooks - Registration and cancellation of virtual-machine shutdown 
> hooks - This allows an attacker to register a malicious shutdown hook that 
> interferes with the clean shutdown of the virtual machine. 
>
> Well, I do not want to give this permission. What should I do ? Is there 
> another postgres JDBC driver I should use ? Is it possible to recompile the 
> driver without the line that registers the hook ? 
>
> Any advices are greatly appreciated.
>
> Thanks in advance
> Renato - Brazil.
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster