Daniel John Debrunner wrote:
Rick Hillegas wrote:
Manjula Kutty wrote:
Hi
While running tests on Ipv6 machines using the 10.3 jars with the
default security manager, I had the following findings/questions
I started the server like this java
org.apache.derby.drda.NetworkServerControl start -h
2002:92a:8f7a:13:9:42:74:19
Thanks for test-driving this on ipv6. The machines handy to me are
all ipv4 so I can't reproduce your experiment yet. However, it seems
to me that, given your command line, the default policy file is going
to grant derbynet.jar accept permission on localhost:*. On an ipv6
machine this may not be a legal address.
Why given the host name of '2002:92a:8f7a:13:9:42:74:19' is the policy
file being set up to use 'localhost'? If the -h had been a hostname or
its ip(4) address then I wouldn't expect the policy file to use
'localhost' because as I understand it such a hostname means it will
accept remote connections.
Dan.
Ah, I misread Manjula's post. What will happen is this:
1) The policy file grants accept permission to "${derby.security.host}:*"
2) NetworkServerControl will call getHost() on the
NetworkServerControlImpl instance. The system property
derby.security.host will then be set to the value returned by getHost().
3) So, if getHost() returns "2002:92a:8f7a:13:9:42:74:19", then accept
permission will be granted to "2002:92a:8f7a:13:9:42:74:19:*"
-Rick
