| From: | thomas at tada(dot)se (Thomas Hallgren) |
|---|---|
| To: | |
| Subject: | [Pljava-dev] How to configure security manager? |
| Date: | 2005-10-29 08:45:11 |
| Message-ID: | 43633697.1070808@tada.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pljava-dev |
Hi Darren,
Short version:
You need to declare your special trigger with 'LANGUAGE javaU' and use
an administrator account when you install it.
Longer...
PostgreSQL stipulates that a PL should provider one trusted and one
untrusted language handler. The convention is that the untrusted one
uses the name of the trusted with an appended 'U'. A trusted handler
cannot access external resources (the file system in particular) but the
untrusted one has no such restrictions. Only administrator accounts can
install the latter but anyone can call it once its installed. PL/Java
uses a standard SecurityManager to enforce this behavior and there's no
way to configure that manager at present.
Regards,
Thomas Hallgren
dgovoni at metadapt.com wrote:
> Hi,
> The user guide didn't seem to have the depth for this, but how can I change
> the _java_ security policy to relieve the restriction below? I want to have a
> function/trigger with certain (full) system permissions (files,sockets,
> system, etc.)
>
> Thank you!
> Darren
>
> rath.msnm.NotificationProcessor:
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at rath.msnm.AbstractProcessor.run(AbstractProcessor.java:373)
> Caused by: java.lang.ExceptionInInitializerError
> at
> rath.msnm.NotificationProcessor.processAuth(NotificationProcessor.java:360)
> ... 5 more
> Caused by: java.lang.SecurityException
> at
> org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.assertPermission(Backend.java:153)
> at
> org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.nonRecursiveCheck(Backend.java:128)
> at
> org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.checkPermission(Backend.java:106)
> at java.lang.System.setProperty(System.java:654)
> at rath.msnm.util.TWN.<clinit>(TWN.java:61)
> ... 6 more
> _______________________________________________
> Pljava-dev mailing list
> Pljava-dev at gborg.postgresql.org
> http://gborg.postgresql.org/mailman/listinfo/pljava-dev
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Hallgren | 2005-10-29 08:59:47 | R: Re: [Pljava-dev] crash due to huge load? |
| Previous Message | rcolmegna at tiscali.it | 2005-10-29 08:43:29 | R: Re: [Pljava-dev] crash due to huge load? |