[jira] [Commented] (DERBY-6160) Fixes needed to documentation topics on security policy permissions

[Kim Haase (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DERBY-6160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645583#comment-13645583
 ] 

Kim Haase commented on DERBY-6160:
----------------------------------

Thanks, Dag.

Let me see if I understand this correctly:

In the "Basic Network Server security policy" topic, the current settings are 
correct; that is, the following for derby.jar --

  // Needed by file permissions restriction system:
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";

and the following for derbynet.jar --

//
// Needed by file permissions restriction system:
//
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";
  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", 
      "read, write";

Would it be helpful to add "(JDK 7 and higher)" to both?

The topic "Customizing the Network Server's security policy" currently shows 
some basic and customized settings for derby.jar, but only one permission for 
derbynet.jar, although the policy file in "Basic Network Server security 
policy" has many more. I'm not sure what purpose the settings in this topic are 
meant to serve. I think they probably should include the needed permissions for 

The file java/drda/org/apache/derby/drda/template.policy is the one that is 
used as the JDK demos/db/templates/server.policy file, so this is the one that 
should provide correct examples. I'll file a separate issue to remove the 
derby.storage.jvmInstanceId permission from this file and make any other needed 
corrections. 

I will wait to hear about callAbort.
                
> Fixes needed to documentation topics on security policy permissions
> -------------------------------------------------------------------
>
>                 Key: DERBY-6160
>                 URL: https://issues.apache.org/jira/browse/DERBY-6160
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.9.1.0, 10.10.1.1
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>         Attachments: DERBY-6160-2.diff, DERBY-6160-2.stat, DERBY-6160-2.zip, 
> DERBY-6160.diff, DERBY-6160.stat, DERBY-6160.zip
>
>
> DERBY-5363 added a new required permission  RuntimePermission 
> "accessUserInformation".
> This should be added to the developer guide information under granting 
> permissions to Derby.
> https://builds.apache.org/job/Derby-docs/lastSuccessfulBuild/artifact/trunk/out/devguide/cdevbabejgjd.html
> I am not sure of the context under which it is required if it is just needed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira