[ https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12465456 ]

Rick Hillegas commented on DERBY-2196:
--------------------------------------

Thanks for the quick response, Dan.

1) I agree that it would be better to grant the file/property/classloader 
permissions just to derby.jar and the socket permission just to derbynet.jar. 
The example policy file given in the current Admin Guide should probably be 
revised the same way.

2) I will reword the sentence on classloaders.

3) I like the idea of setting derby.system.home if it isn't set and then just 
having one set of permissions for derby.jar. I think that the second example 
policy file in the Developer's Guide is just wrong when it grants permissions 
to the file system rooted under derby.system.home when that property is not set.

4) Thanks for reminding me about the backup/import discussion. The Basic policy 
can just grant blanket read/write/delete to the whole file system (with a 
suitable comment).

5) Thanks for quizzing me about the rationale for the shutdown policy. I think 
I have misunderstood the comments in the policy in the Admin Guide. I agree 
that we don't need a shutdown policy and those extra socket permissions are 
intended for the running server.

6) I think I understand your misgivings about the easy-to-use flag which 
disables default security. However, I also see the value in making it easy for 
customers to get the behavior they want. Are you concerned that this could be 
abused accidentally?
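
As an added illustration of points 1, 3 and 4 (this is not the page's or the Derby project's own policy file): a policy that grants the engine's file, property and classloader permissions only to derby.jar, the socket permissions only to derbynet.jar, and roots database access under derby.system.home. The jar directory, host and port are placeholders, and derby.system.home is assumed to be set as a system property before the JVM reads the policy.

```policy
// Added example policy fragment; not Derby's shipped policy.
// /opt/derby/lib is a placeholder for wherever the Derby jars live.

// Engine permissions go to derby.jar only.
grant codeBase "file:/opt/derby/lib/derby.jar" {
    // Databases live under derby.system.home (assumed to be set).
    permission java.io.FilePermission "${derby.system.home}", "read";
    permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
    // Backup, import and export can target paths outside derby.system.home.
    // If that is required, the blanket grant below replaces the two lines above;
    // it is left commented out here because it is the wider of the two choices.
    // permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

    // The engine reads its own configuration properties at boot.
    permission java.util.PropertyPermission "derby.*", "read";
    permission java.util.PropertyPermission "user.dir", "read";

    // Generated query classes are loaded through a custom class loader.
    permission java.lang.RuntimePermission "createClassLoader";
};

// Only the network layer may open and accept on the server port.
grant codeBase "file:/opt/derby/lib/derbynet.jar" {
    // localhost:1527 is a placeholder; use the host and port the server binds to.
    permission java.net.SocketPermission "localhost:1527", "accept,connect,listen";
    // Accepted client connections arrive on ephemeral ports.
    permission java.net.SocketPermission "localhost:1024-", "accept,connect";
};
```

Splitting the grants this way only works because the engine performs its file, property and classloader operations inside AccessController.doPrivileged blocks; otherwise derbynet.jar, which is on the call stack above the engine, would fail the same checks.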


> Run standalone network server with security manager by default
> --------------------------------------------------------------
>
>                 Key: DERBY-2196
>                 URL: https://issues.apache.org/jira/browse/DERBY-2196
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server, Security
>            Reporter: Daniel John Debrunner
>         Attachments: secureServer.html
>
>
> From an e-mail discussion:
> ... Derby should match the security  provided by typical client server 
> systems such as DB2, Oracle, etc. I 
> think in this case system/database owners are trusting the database 
> system to ensure that their system cannot be attacked. So maybe if Derby 
> is booted as a standalone server with no security manager involved, it 
> should install one with a default security policy. Thus allowing Derby 
> to use Java security manager to manage system privileges but not 
> requiring everyone to become familiar with them.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/[EMAIL 
> PROTECTED]
> I imagine such a policy would allow any access to databases under 
> derby.system.home and/or user.home.
> By standalone I mean the network server was started through the main() method 
> (command line).
