[ https://issues.apache.org/jira/browse/DERBY-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540856 ]

Aaron Digulla commented on DERBY-3083:
--------------------------------------

Well, I've used tons of Java software (probably every kind except for 
applets) and Derby was the first one to have a Security Manager, so in my case 
running into one violated the rule "least surprises". OTOH, I know perfectly 
well that a misconfigured network server compromises the security of my 
computer (they all do, that's common knowledge even if most people actively 
ignore this simple fact). Therefore, a network server which is secure also 
violates the rule.

So it is an attempt to make the world better on your part but it certainly 
breaks the "least surprise" rule unless you can make it work even when I do 
strange things like renaming the JAR, repackaging everything in an ueberjar and 
the like. If you really, absolutely need to have your SM, make it fail 
gracefully (if DerbyNet can't install it, print a warning and go on) or ask the 
user to enable it with an option if they need/want it.

Otherwise, you will annoy 90% of the users of your code:

10% know more about security than you do and they do it differently; trying to 
teach them won't work

80% don't know and don't care and they hate you for making their lives 
"unnecessarily" complex (a.k.a. "what do I need that stupid virus scanner for? 
Open that proxy already! OWN3Z.COM wants to install TakeOver.EXE? OK!")

Which leaves 10% who don't know and care enough to learn how to secure their 
system

;-)

I'm in the first 10%, by the way: For my JUnit tests, I just need an option to 
bind the server to 127.0.0.1 and no SM.

> Network server demands a file called "derbynet.jar" in classpath
> ----------------------------------------------------------------
>
>                 Key: DERBY-3083
>                 URL: https://issues.apache.org/jira/browse/DERBY-3083
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.3.1.4
>            Reporter: Aaron Digulla
>         Attachments: derby-716-10-datatypesCollation-aa.diff
>
>
> The network server will not start if the derbynet jar is added under a 
> different name than "derbynet.jar" to the classpath. This makes it impossible 
> to use it in maven projects where the jar is renamed to 
> "derbynet-10.3.1.4.jar".
> This did work with 10.2.2.0
