[ https://issues.apache.org/jira/browse/DERBY-2883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12509151 ]

Rick Hillegas commented on DERBY-2883:
--------------------------------------

Right now the server bothers to set these properties only if the user forgets
to install a security manager. I wonder if the server should always set these
properties. This might reduce the number of errors which the customer can
commit when fine-tuning the template policy. That might improve the out-of-box
experience given the tendency of the Java security manager to swallow bad
syntax silently and then cryptically fail. This affects the two properties you
have mentioned: derby.security.host and derby.install.url. For
derby.install.url, we should still beef up the comments in the policy file.
This would be an argument for leaving these properties (appropriately renamed)
in the template policy file.

Off the top of my head, derby.__rt seems like a reasonable namespace for these
properties. These properties conform to the definition in Property.java, which
reserves this namespace for properties which are not persisted.

I wonder also if the server should always set derby.system.home if it is not
set. I think that this could, again, improve the out-of-box experience for
customers who fine-tune the template policy.

> template security policy file for network server uses undefined property
> derby.security.host
> --------------------------------------------------------------------------------------------
>
> Key: DERBY-2883
> URL: https://issues.apache.org/jira/browse/DERBY-2883
> Project: Derby
> Issue Type: Bug
> Components: Network Server, Security
> Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0
> Reporter: Daniel John Debrunner
>
> DERBY-2811 changed the use of
> permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
> to
> permission java.net.SocketPermission "${derby.security.host}:*", "accept";
> I think this is correct for the default policy file used by the network
> server, but incorrect for the user template file.
> I think rather than exposing this "internal property" derby.security.host,
> the template should continue to use ${derby.drda.host}
> and include comments about needing to change it if the server is listening on
> a wildcard address. Currently there's no explanation of where
> derby.security.host comes from.
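
A check for the failure mode discussed in this thread, as an added example that is not part of the JIRA message or of Derby's code: it lists the `${...}` references in a policy file for which the JVM would have no value, since Java's policy loader ignores a grant or permission entry whose property cannot be expanded. The sample policy text, the sets of defined properties and the function name are constructed for illustration.

```python
import re

# Matches ${name}. The ${{self}} / ${{alias:...}} forms are not system
# properties and do not match, because the name may not contain braces.
PROP_REF = re.compile(r"\$\{([^{}]+)\}")

# Constructed sample, modeled on the permission line quoted in the issue.
SAMPLE_POLICY = """\
grant codeBase "${derby.install.url}derbynet.jar"
{
  permission java.net.SocketPermission "${derby.security.host}:*", "accept";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
};
"""

def undefined_properties(policy_text, defined):
    """Return [(line_no, property_name)] for references with no value.

    `defined` is the set of system properties the JVM will be started with.
    Lines starting with // are skipped; /* */ comments are not handled.
    """
    findings = []
    for line_no, line in enumerate(policy_text.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue
        for name in PROP_REF.findall(line):
            # ${/} is Java's built-in shortcut for file.separator.
            if name != "/" and name not in defined:
                findings.append((line_no, name))
    return findings

if __name__ == "__main__":
    # Assumed launch: only -Dderby.drda.host and -Dderby.system.home are set.
    user_set = {"derby.drda.host", "derby.system.home"}
    for line_no, name in undefined_properties(SAMPLE_POLICY, user_set):
        print(f"line {line_no}: ${{{name}}} is undefined; entry will be ignored")
```
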