diff options
| author | Bruce Momjian <bruce@momjian.us> | 2001-08-26 01:06:20 +0000 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2001-08-26 01:06:20 +0000 |
| commit | 19a251d0ec8ffb326a8c46a7c66821834dbba8d3 (patch) | |
| tree | 6fed5e8574ed6b6b649dfe9847f7d526b8e2fbf6 /src | |
| parent | 1be615f381479cdcbc58f9a7684efa530705373d (diff) | |
| download | postgresql-19a251d0ec8ffb326a8c46a7c66821834dbba8d3.tar.gz postgresql-19a251d0ec8ffb326a8c46a7c66821834dbba8d3.zip | |
>>>>The JDBC driver requires
>>>>
>>>> permission java.net.SocketPermission "host:port", "connect";
>>>>
>>>>in the policy file of the application using the JDBC driver
>>>>in the postgresql.jar file. Since the Socket() call in the
>>>>driver is not protected by AccessController.doPrivileged() this
>>>>permission must also be granted to the entire application.
>>>>
>>>>The attached diff fixes it so that the connect permission can be
>>>>restricted just the the postgresql.jar codeBase if desired.
David Daney
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/jdbc/org/postgresql/PG_Stream.java | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/src/interfaces/jdbc/org/postgresql/PG_Stream.java b/src/interfaces/jdbc/org/postgresql/PG_Stream.java index 3a6eaebc017..ebee9e95fd9 100644 --- a/src/interfaces/jdbc/org/postgresql/PG_Stream.java +++ b/src/interfaces/jdbc/org/postgresql/PG_Stream.java @@ -5,12 +5,13 @@ import java.lang.*; import java.net.*; import java.util.*; import java.sql.*; +import java.security.*; import org.postgresql.*; import org.postgresql.core.*; import org.postgresql.util.*; /** - * $Id: PG_Stream.java,v 1.11 2001/07/30 14:51:19 momjian Exp $ + * $Id: PG_Stream.java,v 1.12 2001/08/26 01:06:20 momjian Exp $ * * This class is used by Connection & PGlobj for communicating with the * backend. @@ -28,6 +29,25 @@ public class PG_Stream BytePoolDim1 bytePoolDim1 = new BytePoolDim1(); BytePoolDim2 bytePoolDim2 = new BytePoolDim2(); + private static class PrivilegedSocket + implements PrivilegedExceptionAction + { + private String host; + private int port; + + PrivilegedSocket(String host, int port) + { + this.host = host; + this.port = port; + } + + public Object run() throws Exception + { + return new Socket(host, port); + } + } + + /** * Constructor: Connect to the PostgreSQL back end and return * a stream connection. @@ -38,7 +58,13 @@ public class PG_Stream */ public PG_Stream(String host, int port) throws IOException { - connection = new Socket(host, port); + PrivilegedSocket ps = new PrivilegedSocket(host, port); + try { + connection = (Socket)AccessController.doPrivileged(ps); + } + catch(PrivilegedActionException pae){ + throw (IOException)pae.getException(); + } // Submitted by Jason Venner <jason@idiom.com> adds a 10x speed // improvement on FreeBSD machines (caused by a bug in their TCP Stack) |