Thanks to everyone for the useful discussion of this issue. It does not
seem to me that there is a consensus for backing out this feature. I am
inclined to leave it in.
Regards,
-Rick
Rick Hillegas wrote:
As of release 10.3, when you boot the network server from the command
line, the server installs a Java SecurityManager with a default
policy. This change (DERBY-2196) limits the ability of hackers,
connecting from arbitrary machines, to use Derby to corrupt the
environment in which it is running. In addition, this change provides
a foundation on which we can add more security features incrementally.
As a result of this change, we have learned more about how Derby
behaves when run under a SecurityManager--that in turn, has helped us
discover more permissions which we need to add to the template used as
a starting point for configuring a Derby security policy.
Unfortunately, this change has proved painful to some users. See, for
instance, DERBY-3086 and the ongoing discussion on DERBY-3083.
Now that we have some experience with the 10.3 release, I would like
to ask the community to review the wisdom of this change. Do we still
think that this is the correct default behavior? Or should we consider
turning off this feature in the upcoming 10.3 maintenance release?
Thanks,
-Rick
