[
https://issues.apache.org/jira/browse/DERBY-2874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508592
]
Rick Hillegas commented on DERBY-2874:
--------------------------------------
Regardless of whether we (1) log a follow-on JIRA or (2) try to set
derby.security.host in this release, it would be good to understand what extra
security holes are covered by (2). What are your thoughts?
> NetworkServer not accepting connections with default security manager on Ipv6
> machines
> --------------------------------------------------------------------------------------
>
> Key: DERBY-2874
> URL: https://issues.apache.org/jira/browse/DERBY-2874
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.3.0.0
> Environment: Ipv6 machine with ibm jvm 15
> Reporter: Manjula Kutty
> Assignee: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: derby-2874-01.diff, derby-2874-wildcard-01.diff,
> derby-2874-wildcard-02.diff, server.policy
>
>
> While running tests on Ipv6 machines using the 10.3 jars with the default
> security manager, I had the following findings/questions
> I started the server like this java
> org.apache.derby.drda.NetworkServerControl start -h
> 2002:92a:8f7a:13:9:42:74:19
> and the server started with the following command
> Security manager installed using the Basic server security policy.
> Apache Derby Network Server - 10.3.1.0 beta - (548006) started and ready to
> accept connections on port 1527 at 2007-06-25 23:44: 36.835 GMT
>
> So I think the server is using the default security manager. Then when I
> tried to get conenction though ij
>
> got the following error message
> Access denied (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016
> accept,resolve)
> java.security.AccessControlException: Access denied
> (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016
> accept,resolve)
> at
> java.security.AccessController.checkPermission(AccessController.java:104)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
> at java.lang.SecurityManager.checkAccept (SecurityManager.java:1172)
> at java.net.ServerSocket.implAccept(ServerSocket.java:466)
> at java.net.ServerSocket.accept(ServerSocket.java:433)
> at org.apache.derby.impl.drda.ClientThread$1.run (Unknown Source)
> at
> java.security.AccessController.doPrivileged(AccessController.java:242)
> at org.apache.derby.impl.drda.ClientThread.run(Unknown Source)
>
> I had the derby.properties file like this
>
> derby.database.sqlAuthorization=true
> derby.connection.requireAuthentication=true
> derby.infolog.append=true
> derby.authentication.provider=BUILTIN
> derby.stream.error.logSeverityLevel=0
> #derby.language.logStatementText=true
> # User's Definitions
> derby.user.user2=pass2
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
