NetServlet is a scrap of code which runs in an app server. NetServlet can be used to bounce Derby servers and configure their trace streams. It has a lot of race conditions which would be fairly easy to clean up.

However, that is just the beginning of its problems. It doesn't appear to me that it even works if you are running your server the way you ought to, viz., with authentication turned on. The NetServlet APIs do not provide a way to state your credentials. It appears that anyone can use NetServlet to bring up a Derby server and manipulate trace streams. Even more troubling, no-one can use NetServlet to bring a server down--not even a dbo or installation owner.

It is hard to imagine that anyone can actually use this code in production. Here are some possible actions we could take:

1) Fix the race conditions. At the same time, the user guides should clarify that NetServlet is only appropriate for development/testing purposes. It should not be used in production.

2) Add credentials to the NetServlet API. Probably this will break backward compatibility.

3) Remove NetServlet from Derby. Another backward compatibility issue.

4) In addition to (3), we could provide a new API for bouncing servers and configuring trace streams. JMX may be suited to this task and our JMX support already runs with credential checks under a Java security manager.

What are your thoughts?

Thanks,
-Rick
