Hi all,
I'm installing a secure shared web hosting server for JSP and Servlets and
I have the following problem. Trying to connect to Postgres I receive the
following message:
java.lang.ExceptionInInitializerError:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission shutdownHooks)
Looking at the source code, I see that Postgres driver make a call to
Runtime.getRuntime().addShutdownHook(new Thread(this)). By doing this I
have to include in my java.policy a line to give permission to the driver
to invoke the 'addShutdownHook' method. Looking at Sun's documentation at
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html, they
strongly recommend to NOT give this permission:
shutdownHooks - Registration and cancellation of virtual-machine shutdown
hooks - This allows an attacker to register a malicious shutdown hook that
interferes with the clean shutdown of the virtual machine.
Well, I do not want to give this permission. What should I do ? Is there
another postgres JDBC driver I should use ? Is it possible to recompile the
driver without the line that registers the hook ?
Any advices are greatly appreciated.
Thanks in advance
Renato - Brazil.
