[
https://issues.apache.org/jira/browse/DERBY-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514645
]
Dag H. Wanvik edited comment on DERBY-2963 at 7/23/07 7:59 AM:
---------------------------------------------------------------
I also see the issue regardless of whether derbyrun.jar is used or not (IPv4,
on Solaris).
It seems the default policy file installed intentionally does *not*
open access to remote clients. I am not sure, but I seem to remember
this being discussed (DERBY-2196) and found to be acceptable? However,
the release notes do not indicate this, which would seem to indicate
it is not the intended behavior, in which case it is a bug, not a
"feature".
Changing this line in server.policy:
permission java.net.SocketPermission "${derby.security.host}", "accept";
to:
permission java.net.SocketPermission "*", "accept";
lets me connect from any host to the interface name given in -h option.
was:
I also see the issue regardless of whether derbyrun.jar is used or not.
It seems the default policy file installed intentionally does *not*
open access to remote clients. I am not sure, but I seem to remember
this being discussed (DERBY-2196) and found to be acceptable? However,
the release notes do not indicate this, which would seem to indicate
it is not the intended behavior, in which case it is a bug, not a
"feature".
Changing this line in server.policy:
permission java.net.SocketPermission "${derby.security.host}", "accept";
to:
permission java.net.SocketPermission "*", "accept";
lets me connect from any host to the interface name given in -h option.
> AccessControlException: Access denied java.net.SocketPermission <client ip>
> accept,resolve
> ------------------------------------------------------------------------------------------
>
> Key: DERBY-2963
> URL: https://issues.apache.org/jira/browse/DERBY-2963
> Project: Derby
> Issue Type: Bug
> Components: Network Server
> Affects Versions: 10.3.1.2
> Environment: SuseLinux 10
> IBM JVM 1.5
> Reporter: Daniel John Debrunner
> Priority: Blocker
>
> I start the server using an ipv4 address
> java derbyrun.jar server start -h x.x.x.x
> Then I connect from a remote client and hit an AccessControlException
> The ip in the exception is that of the *client*, not the server.
> This setup works in 10.2.2.0.
> Same problem if the hostname is in derby.properties
> Problem can be worked around by using -noSecurityManager when starting the
> server
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
