Documentation should state a custom security policy being required to use LDAP
in conjunction with network driver
-----------------------------------------------------------------------------------------------------------------
Key: DERBY-4990
URL: https://issues.apache.org/jira/browse/DERBY-4990
Project: Derby
Issue Type: Task
Components: Documentation
Reporter: Thomas Hill
The documentation is lacking a statement that defining and using a >custom<
security manager template is required when wanting to use the LDAP authorization
provider in conjunction with the network client driver. Doing otherwise, i.e.
just using the default security policy, will lead to socket permission errors.
Details on which permission exactly needs to be granted to which code base
would be very helpful.
Chapter 'Running Derby under a security manager', section 'granting permissions
to Derby' in the Developer's guide seems a good place to mention the permission
java.net.SocketPermission as optional, but required to be set when wanting to
use LDAP authorization in conjunction with the network client driver and
defining the authorisation provider properties as system-level properties.
Adding this to the documentation and preferably also providing some more
guidance seems desirable as migrating off the builtin user system to LDAP is
strongly recommended and the documentation has explicit statements about
security risks otherwise incurred.
I also realized that the template included in the documentation at
http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html and the
default template included in 10.7.1.1 software are no longer in sync.