[
https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504967
]
Dag H. Wanvik commented on DERBY-2811:
--------------------------------------
Yes, using another property would be good, I think. I am less sure about
your concrete name proposal: to me a host has a name (usually) and an address,
and it the case of derby.drda.host one may give it a value of either a name or
an IP address.
This would be the case for this new property as well, so I would suggest
something like derby.security.host.
If I understand correctly, the new property, if not set, would default to the
same value as
derby.drda.host, possibly overridden by -h option,
providing that isn't "0.0.0.0" or "::" (in which case one would translate it
to "*"). That way existing apps would run unchanged, I think.
Sounds good to me.
> Specifying -h 0.0.0.0 with default security manager bars clients from
> connecting from any host
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-2811
> URL: https://issues.apache.org/jira/browse/DERBY-2811
> Project: Derby
> Issue Type: Bug
> Components: Network Server, Security
> Affects Versions: 10.3.0.0
> Reporter: Dag H. Wanvik
> Assignee: Rick Hillegas
> Attachments: derby-2811-01.diff
>
>
> The default policy file installed has this stanza:
> :
> permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
> :
> Normally, specifying -h 0.0.0.0 to NetworkServerControl lets clients connect
> from any host, but with the default policy file installed
> connecting fails even from localhost.
> I think this is because SocketPermission only recognizes "*" as a catch-all.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
