[ https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565824#action_12565824 ]

Daniel John Debrunner commented on DERBY-1387:
----------------------------------------------

The approach to security for the database mbean concerns me:

 - The authenticateUser approach exposes a huge security hole where any 
authenticated jmx user can perform dbo operations for the database even if they 
do not have dbo credentials. I think this is unacceptable.
 - It is defining a security model that does not match existing jmx approaches 
(e.g. the jmx tutorial describes three security models including two that 
address fine-grained authorization (which is the issue here)).

I wonder if it is worth splitting the patch in two logical steps.

  1) Adding the framework to support Derby mbeans and skeleton beans. E.g. add 
a database bean that only exposes limited information, such as the database id 
and possibly the name.

  2) Add functionality to the beans in a secure manner as required.

This suits the model of incremental development and allows others to get 
involved in adding new information to existing beans or adding new beans in the 
framework.




> Add JMX extensions to Derby
> ---------------------------
>
>                 Key: DERBY-1387
>                 URL: https://issues.apache.org/jira/browse/DERBY-1387
>             Project: Derby
>          Issue Type: New Feature
>          Components: Services
>            Reporter: Sanket Sharma
>            Assignee: John H. Embretsen
>         Attachments: DERBY-1387-1.diff, DERBY-1387-1.stat, DERBY-1387-2.diff, 
> DERBY-1387-2.stat, DERBY-1387-3.diff, DERBY-1387-3.stat, DERBY-1387-4.diff, 
> DERBY-1387-4.stat, DERBY-1387-5.diff, DERBY-1387-5.stat, DERBY-1387-6.zip, 
> DERBY-1387-7.zip, DERBY-1387-8.zip, DERBY-1387-9.diff, DERBY-1387-9.stat, 
> derbyjmx.patch, jmx.diff, jmx.stat, jmxFuncspec.html, jmxFuncspec.html, 
> jmxFuncspec.html, Requirements for JMX Updated.html, Requirements for 
> JMX.html, Requirements for JMX.zip
>
>
> This is a draft requirement specification for adding monitoring and 
> management extensions to Apache Derby using JMX. The requirements document 
> has been uploaded on JIRA as well as the Derby Wiki page at 
> http://wiki.apache.org/db-derby/_Requirement_Specifications_for_Monitoring_%26_Management_Extensions_using_JMX
> Developers and Users are requested to please look at the document (feature 
> list in particular) and add their own rating to features by adding a column 
> to the table.
> Comments are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
