Daniel John Debrunner wrote:
John Embretsen wrote:
[lots of good comments snipped]
We, as Derby developers, should strive to keep the sensitivity of the
information stored as (derby) system properties to a minimum. For
example, we should recommend against defining usernames and passwords
in cleartext as system properties (especially in scenarios where remote
JMX is enabled), and should provide better alternatives to the users.
A better alternative already exists today. Derby system level
properties can be specified in derby.properties, none of these values
are then set as JVM system properties, and thus they will not appear
to any standard jmx bean.
Yes, this is a good thing. Still not optimal, but it certainly helps. We
could probably be more explicit about the differences in the manuals.
Exposing these (or a security conscious subset of them) through
Derby's SystemMBean is fine, though I'm not sure that's what is being
proposed by the jmx changes. I.e. does SystemMBean just display the
value of the jvm system property or the value that derby is using (set
as a jvm system property or in derby.properties)?
I think the latter (the value derby is using). I think this is best,
from a usability perspective. (In the SystemMBean, most properties are
fetched using the getSystemProperty(...) method of
org.apache.derby.iapi.services.property.PropertyUtil). What to expose
through our own JMX beans is luckily easier to control than what is
available via platform features.
--
John
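
The difference discussed in this thread can be checked from inside a JVM. The following is an added example, not code from the thread or from Derby: it lists the derby.* keys readable through the platform RuntimeMXBean and compares them with keys held only in a private Properties object, which stands in here for values read from derby.properties. The class name, the user names and the password values are constructed for illustration.

```java
import java.io.StringReader;
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;

public class JmxPropertyExposureCheck {

    // Returns the derby.* keys that a JMX client can read through the
    // platform RuntimeMXBean (java.lang:type=Runtime, SystemProperties).
    static List<String> derbyKeysVisibleViaPlatformJmx() {
        Map<String, String> exposed =
                ManagementFactory.getRuntimeMXBean().getSystemProperties();
        List<String> keys = new ArrayList<>();
        for (String key : exposed.keySet()) {
            if (key.startsWith("derby.")) {
                keys.add(key);
            }
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        // Constructed value; same effect as -Dderby.user.app=... on the
        // command line: the credential becomes a JVM system property.
        System.setProperty("derby.user.app", "constructed-password");

        // Constructed stand-in for derby.properties content. It is loaded
        // into a private Properties object and never copied into the JVM
        // system properties (assumption: this models the file-based path).
        Properties fileProps = new Properties();
        fileProps.load(new StringReader(
                "derby.user.admin=constructed-password-2\n"));

        List<String> visible = derbyKeysVisibleViaPlatformJmx();
        System.out.println("derby.* keys visible via RuntimeMXBean: " + visible);
        for (String key : fileProps.stringPropertyNames()) {
            System.out.println(key + " visible via RuntimeMXBean: "
                    + visible.contains(key));
        }
    }
}
```

The same method can be run in a deployed JVM as a startup check that flags any derby.user.* key appearing in the returned list.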