JadeSchemaLoader Application Security Considerations

The JadeSchemaLoader application poses a potential security risk to JADE databases.

If a JADE environment includes a web-facing application server, the JadeSchemaLoader application can be run by any presentation (thin) client connected to the internet. Such a client could load an arbitrary schema containing a malicious JADE application, which the user could then run to gain access to the JADE database.

You should enable application restrictions to prevent the unauthorized running of the JadeSchemaLoader application. For details, see "Controlling the JADE Thin Client Application Execution", in Chapter 3 of the JADE Thin Client Guide; for example:

[JadeAppServer]
EnableAppRestrictions=true
AllowSchemaAndApp1=MySchema,MyApp
AllowSchemaAndApp2=MySchema,MyOtherApp

In this example, no RootSchema applications can be run using a presentation client. Only the applications named in the AllowSchemaAndApp<n> parameters of the JADE initialization file, all of them in the MySchema schema here, can be run by any presentation client connecting to any application server.
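The following audit sketch is an added example, not part of the JADE documentation or product. It reads the [JadeAppServer] section of an initialization file and reports whether application restrictions are enabled and which schema and application pairs are allowed. The function name audit_app_restrictions and the sample file contents are constructed for illustration, and it assumes that the file parses as a standard INI file, that parameter names are matched case-insensitively, and that only the value true enables restrictions.

```python
import configparser
import re

# Constructed sample inputs: GOOD_INI mirrors the fragment above; WEAK_INI is made up.
GOOD_INI = """[JadeAppServer]
EnableAppRestrictions=true
AllowSchemaAndApp1=MySchema,MyApp
AllowSchemaAndApp2=MySchema,MyOtherApp
"""
WEAK_INI = """[JadeAppServer]
EnableAppRestrictions=false
AllowSchemaAndApp1=RootSchema,JadeSchemaLoader
AllowSchemaAndApp2=MySchemaOnly
"""

def audit_app_restrictions(ini_text):
    """Return (allowed_pairs, findings) for the [JadeAppServer] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)  # configparser lower-cases option names
    section = next((s for s in cp.sections() if s.lower() == "jadeappserver"), None)
    if section is None:
        return [], ["no [JadeAppServer] section: EnableAppRestrictions is not set"]
    opts = cp[section]
    allowed, findings = [], []
    # Assumption: only the literal value "true" (any case) enables restrictions.
    if opts.get("enableapprestrictions", "").strip().lower() != "true":
        findings.append("EnableAppRestrictions is not true: application restrictions are not enabled")
    numbered = [(int(m.group(1)), v) for k, v in opts.items()
                if (m := re.fullmatch(r"allowschemaandapp(\d+)", k))]
    for n, value in sorted(numbered):
        parts = [p.strip() for p in value.split(",")]
        if len(parts) != 2 or not all(parts):
            findings.append(f"AllowSchemaAndApp{n} is not 'schema,application': {value!r}")
            continue
        schema, app = parts
        allowed.append((schema, app))
        if app.lower() == "jadeschemaloader":
            findings.append(f"AllowSchemaAndApp{n} permits JadeSchemaLoader")
        elif schema.lower() == "rootschema":
            findings.append(f"AllowSchemaAndApp{n} permits a RootSchema application: {app}")
    return allowed, findings

if __name__ == "__main__":
    for name, text in (("good", GOOD_INI), ("weak", WEAK_INI)):
        pairs, problems = audit_app_restrictions(text)
        print(name, pairs, problems or "no findings")
```
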