[
https://issues.apache.org/jira/browse/DERBY-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12483693
]
Rick Hillegas commented on DERBY-2466:
--------------------------------------
Hi Dan,
In my mind, the Basic server policy has two purposes:
1) It captures the basic permissions needed to run the server under a security
manager.
2) It is the customizable template which users copy then edit in order to fit
Derby into their secure runtime environment.
I agree that the getPolicy() permission is not needed for the first purpose.
However, it's good to have it for the second purpose because it brings this
issue to customer's attention: they will need this permission if they want to
change their customized policies on the fly.
> Allow dynamic reloading of the security policy file
> ---------------------------------------------------
>
> Key: DERBY-2466
> URL: https://issues.apache.org/jira/browse/DERBY-2466
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Rick Hillegas
> Assigned To: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: derby-2466-01.diff
>
>
> The spec attached to DERBY-2109 describes how to allow the policy file to be
> dynamically reloaded while a server is running: We add a getPolicy permission
> to the Basic policy and we add a DBA-owned system procedure,
> SYSCS_UTIL.SYSCS_REFRESH_SECURITY_POLICY(), which reloads the policy file.
> This JIRA tracks that work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
