[jira] Commented: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver

Tue, 15 Feb 2011 16:15:26 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12995076#comment-12995076
 ] 

Dag H. Wanvik commented on DERBY-4990:
--------------------------------------

Thanks, Kim.

"need to update the URL in "JNDI-specific properties..": do we have other sun 
URLs in our docs that would need updating after acquisition?

> Documentation should state a custom security policy being required to use 
> LDAP in conjunction with network driver
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4990
>                 URL: https://issues.apache.org/jira/browse/DERBY-4990
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation
>            Reporter: Thomas Hill
>            Assignee: Kim Haase
>         Attachments: DERBY-4990.diff, DERBY-4990b.diff, 
> tadminnetservcustom.html, tadminnetservcustom.html
>
>
> The documentation is lacking a statement that defining and using a >custom< 
> security manager template is required when wanting to use LDAP authorization 
> provider in conjunction with the network driver client. driver. Otherwise, 
> i.e. just using the default security policy will lead to socket permission 
> errors. Details on which permission exactely needs to be granted to which 
> code base would be very helpful.
> Chapter 'Running Derby under a security manager', section 'granting 
> permissions to Derby' in the Developer's guide seems a good place to mention 
> the permission java.net.SocketPermission as optional, but required to be set 
> when wanting to use LDAP authorization in conjunction with the network client 
> driver and defining the authorisation provider properties as system-level 
> properties.
> Adding this to the documentation and preferrably also providing some more 
> guidance seems desirable as migrating off the builtin user system to LDAP is 
> strongly recommened and the documentation has explicit statements about 
> security risks otherwise incurred. 
> I also realized that the template included in the documentation at 
> http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html and 
> the default template included in 10.7.1.1 software are no longer in sync.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to