[jira] Commented: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver

Mon, 31 Jan 2011 13:39:53 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12988900#comment-12988900
 ] 

Kim Haase commented on DERBY-4990:
----------------------------------

The only item in the list of changes that isn't in the 10.7.1.1 template is the 
callAbort permission, which I need to add for DERBY-4991.

I suspect some of the others might need explaining somewhere. I should see if 
doc issues were filed for any of them.

> Documentation should state a custom security policy being required to use 
> LDAP in conjunction with network driver
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4990
>                 URL: https://issues.apache.org/jira/browse/DERBY-4990
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation
>            Reporter: Thomas Hill
>            Assignee: Kim Haase
>
> The documentation is lacking a statement that defining and using a >custom< 
> security manager template is required when wanting to use LDAP authorization 
> provider in conjunction with the network driver client. driver. Otherwise, 
> i.e. just using the default security policy will lead to socket permission 
> errors. Details on which permission exactely needs to be granted to which 
> code base would be very helpful.
> Chapter 'Running Derby under a security manager', section 'granting 
> permissions to Derby' in the Developer's guide seems a good place to mention 
> the permission java.net.SocketPermission as optional, but required to be set 
> when wanting to use LDAP authorization in conjunction with the network client 
> driver and defining the authorisation provider properties as system-level 
> properties.
> Adding this to the documentation and preferrably also providing some more 
> guidance seems desirable as migrating off the builtin user system to LDAP is 
> strongly recommened and the documentation has explicit statements about 
> security risks otherwise incurred. 
> I also realized that the template included in the documentation at 
> http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html and 
> the default template included in 10.7.1.1 software are no longer in sync.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to