[ https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531397#comment-17531397 ]
Richard N. Hillegas commented on DERBY-7138:
--------------------------------------------

Attaching derby-7138-14-aa-removeMoreDocReferences.diff and a corresponding tarball of generated output (derby-7138-14-aa-removeMoreDocReferences.tar). This patch removes more references to the SecurityManager and policy files from the Derby user guides. In the previous patch, I grep'd for the word "manager" in the docs. In this patch, I grep'd for the phrases "policy" and "Java security". I also skimmed the security guide looking for other references to Java security.

{noformat}
----------------------------------------------

ADMIN GUIDE

M src/adminguide/radminconfigdb2jdrdatracedirectory.dita

"derby.drda.traceDirectory property" section: Remove example permissions needed for creating a DRDA trace directory.

M src/adminguide/radminjmxdisable.dita

"Disabling access to MBeans" section: Remove material on how to use the SecurityManager to disable or restrict access to MBeans.

M src/adminguide/radminjmxenablepwd.dita

"Enabling remote JMX with password authentication only" section: Remove note about SecurityManager permissions.

M src/adminguide/radminjmxtroubleshoot.dita

"Troubleshooting JMX connection issues" section: Remove an index term related to security policies.

M src/adminguide/tadminadv804410.dita

"Turning on the trace facility" section: Removed material about permissions needed for Derby to create a trace file.

----------------------------------------------

REFERENCE GUIDE

M src/ref/rrefjdbc4_1connection.dita

"java.sql.Connection.abort method" section: Removed material about the callAbort permission.

M src/ref/rrefproperextdiagsevlevel.dita

"derby.stream.error.extendedDiagSeverityLevel" section: Removed material about permissions needed for error logging.

----------------------------------------------

SECURITY GUIDE

M src/security/cseccsecure41285.dita

"Configuring LDAP authentication" section: Removed material about necessary permissions.

M src/security/cseccsecure90988.dita

"Using signed jar files" section: Removed material about SecurityManager permissions.

M src/security/cseccsecuree.dita

"Part Two: Configuring security for Derby" section: Removed bullet item about customizing the security policy.

M src/security/csecintroderbydefenses.dita

"Derby defenses against threats" section: Removed entry about Java SecurityManager defenses.

M src/security/csecintromapping.dita

"Defenses mapped to threats" section: Removed entry about Java SecurityManager defenses.

M src/security/csecintrootherdefenses.dita

"Defenses outside of Derby" section: Added a bullet item about containerization.

M src/security/csecintrosafer.dita

"Designing safer Derby applications" section: Removed bullet item about security policies.

M src/security/csecputtogether.dita

"Putting it all together" section: Removed reference to the SecurityManager.

M src/security/tseccsecure81850.dita

"Configuring security in an embedded environment" section: Removed item about configuring the SecurityManager.

M src/security/tseccsecure82556.dita

"Configuring security in a client/server environment" section: Removed item about configuring the SecurityManager.
{noformat}

> Remove references to the Java Security Manager
> ----------------------------------------------
>
> Key: DERBY-7138
> URL: https://issues.apache.org/jira/browse/DERBY-7138
> Project: Derby
> Issue Type: Task
> Components: Build tools, Documentation
> Affects Versions: 10.16.0.0
> Reporter: Richard N. Hillegas
> Assignee: Richard N. Hillegas
> Priority: Major
> Attachments: DerbyServerTest.java, Z.java,
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff,
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff,
> derby-7138-03-aa-removePermissionsTests.diff,
> derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff,
> derby-7138-05-aa-removeSecurityManager.diff,
> derby-7138-06-aa-removeSecurityManagerSetup.diff,
> derby-7138-07-aa-removePrivilegeBlocksFromTests.diff,
> derby-7138-08-aa-removePolicyFiles.diff,
> derby-7138-09-aa-removeMostProductPrivilegeFiles.diff,
> derby-7138-10-aa-removeRemainingPrivilegeBlocks.diff,
> derby-7138-11-aa-miscCleanup.diff,
> derby-7138-12-aa-SYSCS_RELOAD_SECURITY_POLICY.diff,
> derby-7138-13-aa-adjustUserDocumentation.diff,
> derby-7138-13-aa-adjustUserDocumentation.tar,
> derby-7138-14-aa-removeMoreDocReferences.diff,
> derby-7138-14-aa-removeMoreDocReferences.tar, postSecurityManager.html
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that
> it will be removed in a future release of Java. See
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting
> security-sensitive operations on multi-tenant servers" on the
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide.
> In its place, we should recommend that developers containerize their Derby
> applications.

--
This message was sent by Atlassian Jira (v8.20.7#820007)