[
https://issues.apache.org/jira/browse/DERBY-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540488
]
kmarsden edited comment on DERBY-3086 at 11/6/07 9:15 AM:
----------------------------------------------------------------
Rick said:
>Could you explain the incompatibility which you see is >being introduced? I
>didn't understand your concern. Here >is a little more information which may
>help: The code >which sets DRDA_PROP_TRACEDIRECTORY is called >before the
>security manager is installed, so there is no >need to grant write access to
>that property.
Looking more closely I see this is set only if installing the security manager.
My concern was that if I used my own policy file it would fall over trying to
set this property, but I tried it and that does not seem to be the case. If I
use my own policy file it does not enter this code at all, so I think the
change is ok after all.
was (Author: kmarsden):
Rick said:
>Could you explain the incompatibility which you see is >being introduced? I
>didn't understand your concern. Here >is a little more information which may
>help: The code >which sets DRDA_PROP_TRACEDIRECTORY is called >before the
>security manager is installed, so there is no >need to grant write access to
>that property.
Looking more closely I see this is set only if installing the security manager.
My concern was that if I used my own policy file it would fall over trying to
write this policy, but I tried it and that does not seem to be the case. If I
use my own policy file it does not enter this code at all, so I think the
change is ok after all.
> The server policy needs to grant derbynet.jar more permissions so that
> sysinfo and drda tracing will work
> ---------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3086
> URL: https://issues.apache.org/jira/browse/DERBY-3086
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.3.1.4
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-3086-01-morePermissions-aa.diff
>
>
> More permissions need to be granted to derbynet.jar in the server.policy
> file. David van Couvering reports that if you bring up the server and run the
> following command:
> java -jar derbyrun.jar server sysinfo
> then you get security exceptions as the sysinfo code, running inside the
> network jarball tries to read user.dir, user.home, user.name, java.home, and
> java.class.path.
> Kathey Marsden reports that if you try to run the network server with drda
> tracing turned on, then you get security exceptions when the server tries to
> open the trace log file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
