[
https://issues.apache.org/jira/browse/DERBY-2874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508534
]
Rick Hillegas commented on DERBY-2874:
--------------------------------------
Thanks for test-driving this patch, Manjula. It also works for me on my
personal laptop, which runs a version of Suse with dual v4 and v6 protocol
stacks.
I think that it would be better to restrict the socket permission as much as
possible just as it would be better to restrict the file permissions as much as
possible. However, I think this more liberal socket permission is fine for the
default policy just as the liberal file permission is ok. The liberal socket
permission is only granted to derbynet.jar and the server limits itself to
addresses specified at boot time. Socket permission continues to be denied to
code outside the server, such as user-written functions and procedures.
> NetworkServer not accepting connections with default security manager on Ipv6
> machines
> --------------------------------------------------------------------------------------
>
> Key: DERBY-2874
> URL: https://issues.apache.org/jira/browse/DERBY-2874
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.3.0.0
> Environment: Ipv6 machine with ibm jvm 15
> Reporter: Manjula Kutty
> Assignee: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: derby-2874-01.diff, derby-2874-wildcard-01.diff,
> server.policy
>
>
> While running tests on Ipv6 machines using the 10.3 jars with the default
> security manager, I had the following findings/questions
> I started the server like this java
> org.apache.derby.drda.NetworkServerControl start -h
> 2002:92a:8f7a:13:9:42:74:19
> and the server started with the following command
> Security manager installed using the Basic server security policy.
> Apache Derby Network Server - 10.3.1.0 beta - (548006) started and ready to
> accept connections on port 1527 at 2007-06-25 23:44: 36.835 GMT
>
> So I think the server is using the default security manager. Then when I
> tried to get conenction though ij
>
> got the following error message
> Access denied (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016
> accept,resolve)
> java.security.AccessControlException: Access denied
> (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016
> accept,resolve)
> at
> java.security.AccessController.checkPermission(AccessController.java:104)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
> at java.lang.SecurityManager.checkAccept (SecurityManager.java:1172)
> at java.net.ServerSocket.implAccept(ServerSocket.java:466)
> at java.net.ServerSocket.accept(ServerSocket.java:433)
> at org.apache.derby.impl.drda.ClientThread$1.run (Unknown Source)
> at
> java.security.AccessController.doPrivileged(AccessController.java:242)
> at org.apache.derby.impl.drda.ClientThread.run(Unknown Source)
>
> I had the derby.properties file like this
>
> derby.database.sqlAuthorization=true
> derby.connection.requireAuthentication=true
> derby.infolog.append=true
> derby.authentication.provider=BUILTIN
> derby.stream.error.logSeverityLevel=0
> #derby.language.logStatementText=true
> # User's Definitions
> derby.user.user2=pass2
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
