>>>>The JDBC driver requires

>>>> >>>> permission java.net.SocketPermission "host:port", "connect"; >>>> >>>>in the policy file of the application using the JDBC driver >>>>in the postgresql.jar file. Since the Socket() call in the >>>>driver is not protected by AccessController.doPrivileged() this >>>>permission must also be granted to the entire application. >>>> >>>>The attached diff fixes it so that the connect permission can be >>>>restricted just the the postgresql.jar codeBase if desired. David Daney

>>>>The JDBC driver requires
>>>> >>>> permission java.net.SocketPermission "host:port", "connect"; >>>> >>>>in the policy file of the application using the JDBC driver >>>>in the postgresql.jar file. Since the Socket() call in the >>>>driver is not protected by AccessController.doPrivileged() this >>>>permission must also be granted to the entire application. >>>> >>>>The attached diff fixes it so that the connect permission can be >>>>restricted just the the postgresql.jar codeBase if desired. David Daney
19a251d0 · Bruce Momjian · 1be615f3 · 19a251d0
Commit 19a251d0 authored Aug 26, 2001 by Bruce Momjian
Show whitespace changes
Inline Side-by-side

Showing with 28 additions and 2 deletions

src/interfaces/jdbc/org/postgresql/PG_Stream.java src/interfaces/jdbc/org/postgresql/PG_Stream.java +28 -2

No files found.
--- a/src/interfaces/jdbc/org/postgresql/PG_Stream.java
+++ b/src/interfaces/jdbc/org/postgresql/PG_Stream.java
@@ -5,12 +5,13 @@ import java.lang.*;
 import java.net.*;
 import java.util.*;
 import java.sql.*;
+import java.security.*;
 import org.postgresql.*;
 import org.postgresql.core.*;
 import org.postgresql.util.*;

 /**
- * $Id: PG_Stream.java,v 1.11 2001/07/30 14:51:19 momjian Exp $
+ * $Id: PG_Stream.java,v 1.12 2001/08/26 01:06:20 momjian Exp $
 *
 * This class is used by Connection & PGlobj for communicating with the
 * backend.
@@ -28,6 +29,25 @@ public class PG_Stream
    BytePoolDim1 bytePoolDim1 = new BytePoolDim1();
    BytePoolDim2 bytePoolDim2 = new BytePoolDim2();

+   private static class PrivilegedSocket
+      implements PrivilegedExceptionAction
+   {
+      private String host;
+      private int port;
+
+      PrivilegedSocket(String host, int port)
+      {
+         this.host = host;
+         this.port = port;
+      }
+
+      public Object run() throws Exception
+      {
+         return new Socket(host, port);
+      }
+   }
+
+
  /**
   * Constructor:  Connect to the PostgreSQL back end and return
   * a stream connection.
@@ -38,7 +58,13 @@ public class PG_Stream
   */
  public PG_Stream(String host, int port) throws IOException
  {
-    connection = new Socket(host, port);
+     PrivilegedSocket ps = new PrivilegedSocket(host, port);
+     try {
+        connection = (Socket)AccessController.doPrivileged(ps);
+     }
+     catch(PrivilegedActionException pae){
+        throw (IOException)pae.getException();
+     }

    // Submitted by Jason Venner <jason@idiom.com> adds a 10x speed
    // improvement on FreeBSD machines (caused by a bug in their TCP Stack)