[
https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504952
]
Rick Hillegas commented on DERBY-2811:
--------------------------------------
Thanks for the additional thoughts, Dag. Perhaps, we should not use
derby.drda.host as the parameter name in the default policy file. Instead, we
could use some parameter name like derby.host.address. We would forcibly set
this variable and leave derby.drda.host alone.
To summarize:
1) In server.policy, we would change drda.host to derby.host.address. And
derby.host.address would be the system property that the server forcibly sets
2) We would set derby.host.adress to "*" if the customer specified the host as
"0.0.0.0" or "::"
> Specifying -h 0.0.0.0 with default security manager bars clients from
> connecting from any host
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-2811
> URL: https://issues.apache.org/jira/browse/DERBY-2811
> Project: Derby
> Issue Type: Bug
> Components: Network Server, Security
> Affects Versions: 10.3.0.0
> Reporter: Dag H. Wanvik
> Assignee: Rick Hillegas
> Attachments: derby-2811-01.diff
>
>
> The default policy file installed has this stanza:
> :
> permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
> :
> Normally, specifying -h 0.0.0.0 to NetworkServerControl lets clients connect
> from any host, but with the default policy file installed
> connecting fails even from localhost.
> I think this is because SocketPermission only recognizes "*" as a catch-all.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
