Daniel John Debrunner wrote:
Rick Hillegas wrote:
Thanks to everybody for the discussion so far. And thanks to Martin
for revising the SystemPrivilegesBehaviour.html summary attached to
DERBY-2109. I think that my initial posting garbled the description
of the compatibility issues. I would like to restate what the
backward-compatibility issues are:
2) Customers running just with Java Security (but no Authentication):
No compatibility issues.
The patch to DERBY-2109 does not implement this; instead 4b) is required:
b) Must add additional privileges to the Java Security policy file
(unless the default policy file is used)
I think that the patch (by accident) is actually correct here. Since
Java permissions can be granted to code and to principals that are not
database principals, then derby authentication being active or not is
not relevant. E.g. when running embedded in a J2EE container the
principals may be set up and authorized correctly by the container, thus
not requiring any database authentication. In that case I should be able
to grant permission to a specific set of principals to create databases
or shut down the system.
Dan.