Re: Compatibility issue for 10.4

2008-01-17 Thread Daniel John Debrunner
Daniel John Debrunner wrote: Rick Hillegas wrote: Thanks to everybody for the discussion so far. And thanks to Martin for revising the SystemPrivilegesBehaviour.html summary attached to DERBY-2109. I think that my initial posting garbled the description of the compatibility issues. I would

Re: Compatibility issue for 10.4

2008-01-16 Thread Rick Hillegas
a compatibility issue for 10.4. I would like to commit Martin's work on this issue, but before I do that, I would like to make sure that the community is comfortable with the compatibility behavior. I am taking this question to the developer community first. Once the developer community agrees

Re: Compatibility issue for 10.4

2008-01-16 Thread Daniel John Debrunner
Rick Hillegas wrote: Thanks to everybody for the discussion so far. And thanks to Martin for revising the SystemPrivilegesBehaviour.html summary attached to DERBY-2109. I think that my initial posting garbled the description of the compatibility issues. I would like to restate what the

Re: Compatibility issue for 10.4

2008-01-15 Thread John Embretsen
Kathey Marsden wrote: Rick Hillegas wrote: The system privileges work (DERBY-2109) will introduce a compatibility issue for 10.4. Thank you Rick for bringing up this issue. 1) If the customer has written their own security policy file (the usual and recommended situation

Re: Compatibility issue for 10.4

2008-01-15 Thread Kathey Marsden
John Embretsen wrote: Can you elaborate on why having to change the policy file is more disruptive than most other (incompatible) changes introduced in new versions? Most incompatible changes will require change of the application and deployment of a new jar file. The policy file is

Re: Compatibility issue for 10.4

2008-01-15 Thread Daniel John Debrunner
Rick Hillegas wrote: [snip] DERBY-2109 reduces our exposure to denial-of-service (and possible theft and corruption) attacks What are the possible theft and corruption attacks? [snip] 1) If the customer has written their own security policy file (the usual and recommended situation),

Re: Compatibility issue for 10.4

2008-01-15 Thread Rick Hillegas
Daniel John Debrunner wrote: Rick Hillegas wrote: [snip] DERBY-2109 reduces our exposure to denial-of-service (and possible theft and corruption) attacks What are the possible theft and corruption attacks? Hi Dan, These may come into play when we allow anyone to create a database and

Re: Compatibility issue for 10.4

2008-01-15 Thread Daniel John Debrunner
Daniel John Debrunner wrote: Rick Hillegas wrote: 2) In order to bring down the server using NetworkServerControl, the customer will need to supply username/password credentials. I regard (2) as the fix to some serious bugs. It might be useful to think about these as two separate issues,

Re: Compatibility issue for 10.4

2008-01-15 Thread Martin Zaun
Daniel John Debrunner wrote: Daniel John Debrunner wrote: Rick Hillegas wrote: 2) In order to bring down the server using NetworkServerControl, the customer will need to supply username/password credentials. I regard (2) as the fix to some serious bugs. It might be useful to think

Compatibility issue for 10.4

2008-01-14 Thread Rick Hillegas
The system privileges work (DERBY-2109) will introduce a compatibility issue for 10.4. I would like to commit Martin's work on this issue, but before I do that, I would like to make sure that the community is comfortable with the compatibility behavior. I am taking this question

Re: Compatibility issue for 10.4

2008-01-14 Thread Kathey Marsden
Rick Hillegas wrote: The system privileges work (DERBY-2109) will introduce a compatibility issue for 10.4. Thank you Rick for bringing up this issue. 1) If the customer has written their own security policy file (the usual and recommended situation), then the customer will need to add

Re: Compatibility issue for 10.4

2008-01-14 Thread David Van Couvering
: The system privileges work (DERBY-2109) will introduce a compatibility issue for 10.4. Thank you Rick for bringing up this issue. 1) If the customer has written their own security policy file (the usual and recommended situation), then the customer will need to add some extra permissions