[jira] [Commented] (DERBY-6160) Fixes needed to documentation topics on security policy permissions

Mon, 29 Apr 2013 21:18:22 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-6160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645228#comment-13645228
 ] 

Dag H. Wanvik commented on DERBY-6160:
--------------------------------------

Thanks! In the section "Customizing the Network Server's security policy" 
section for derbynet.jar, we should probably include these setting for these

+// Needed by file permissions restriction system:
+//
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", 
+      "read, write";

even the PropertyPermission, since in this case the security policy is 
effective once Derby starts (before the time where it would otherwise load the 
default security policy), so the last PropertyPermission is required. (With 
default, we set this property *before* the security manager is enabled).

For derby.jar,  the two runtimePermissions need be included also.

In general, I am wondering whether we have (re)considered (lately) the minimum 
that must be in the customized policy to make Derby work at all. Another case 
in point is the added permission for callAbort in JDBC 4.1; I think that needs 
to be present in the engine (derby.jar) grants, too ? Rick?


                
> Fixes needed to documentation topics on security policy permissions
> -------------------------------------------------------------------
>
>                 Key: DERBY-6160
>                 URL: https://issues.apache.org/jira/browse/DERBY-6160
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.9.1.0, 10.10.1.1
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>         Attachments: DERBY-6160-2.diff, DERBY-6160-2.stat, DERBY-6160-2.zip, 
> DERBY-6160.diff, DERBY-6160.stat, DERBY-6160.zip
>
>
> DERBY-5363 added a new required permission  RuntimePermission 
> "accessUserInformation".
> This should be added to the developer guide information under granting 
> permissions to Derby.
> https://builds.apache.org/job/Derby-docs/lastSuccessfulBuild/artifact/trunk/out/devguide/cdevbabejgjd.html
> I am not sure of the context under which it is required if it is just needed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to