Daniel John Debrunner wrote:
John H. Embretsen commented on DERBY-2196:
------------------------------------------
e) I think it is good to have a relatively easy way to disable
automatic security manager installation.
Does using this policy file as a custom policy count as "relatively easy"?
grant {
permission java.security.AllPermission;
};
I think in my mind it is relatively easy, but it doesn't really _disable_ the
Security Manager, does it?
I think people would like to at least have the opportunity to run (from the
command line too) without a Security Manager at all, assuming that there are
potential bugs and performance penalties associated with using a Security
Manager (and that the system is properly secured by other means, of course ;) ).
I don't know how the "AllPermission" affects those things.
Also remember this is only from a command line (main method) start, code
that uses the lower level api (NetworkServerControl) will not install a
security manager automatically, or (I assume) when the property is used
to start the network server when embedded driver is loaded.
Fair enough, but still many people choose to run the server standalone from the
command line, and I think they too should be able to disable the Sec. Mgr.
--
John
