Hi Alexander,

In terms of using a Java Security Manager, there will be better
out-of-the-box support for a secure network server in the next feature
release (10.3). That work is tracked by
https://issues.apache.org/jira/browse/DERBY-2196. Right now, you can
grab a generic policy file from the development codeline at
java/drda/org/apache/derby/drda/server.policy. I will mouse that file
into my reply. You will need to customize some variables in that file in
order to fit it to your particular environment. I hope this helps.

Here's the moused-in server policy file:

grant codeBase "${derby.install.url}derby.jar"
{
  //
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";

  //
  // This permission lets you backup and restore databases
  // to and from arbitrary locations in your file system.
  //
  // This permission also lets you import/export data to and from
  // arbitrary locations in your file system.
  //
  // You may want to restrict this access to specific directories.
  //
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};

grant codeBase "${derby.install.url}derbynet.jar"
{
  //
  // This permission lets the Network Server manage connections from clients.
  //
  permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
};

Alexander Trauzzi wrote:

Greetings to all the Derbites in mailing list land. I have a rather
simple, but potentially complicated question.

I grabbed a copy of the latest derby-bin distribution. I ran the
scripts required to run it as a network server, just as a quick little
test in the console.

The first concern I have is that anyone seems to have the ability to
connect to my server and create databases?

I did a bit of searching with Google and also within the derby site
and came up with all kinds of very complicated and confusing
recommendations to "secure" a server. Some were in the manual,
referring to authentication, others involved using a Java security
manager. Neither of which were explained in such a way that I could
easily absorb or put into practical use. Especially the Java security
manager.

Is there any resource that is straightforward, concise and simple that
can help me set up a derby network server that authenticates based on
username/password pairs? I'm talking MySQL-easy (anyone can set up a
MySQL server!).

Thank you to all who reply...

- Alexander Trauzzi
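
The policy file in the reply above leaves two things to the administrator: setting the `${...}` variables and narrowing the `<<ALL FILES>>` grant. The following check is an added example, not part of the original thread or of Derby's own code; it expands the variables and flags both issues. The property values and the `backup.dir` variable are constructed for illustration.

```python
import re
# Policy from the reply above (comments removed), embedded so this runs offline.
POLICY = r'''
grant codeBase "${derby.install.url}derby.jar" {
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
grant codeBase "${derby.install.url}derbynet.jar" {
  permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
};
'''
# Tightened variant: backup/import/export confined to one hypothetical directory.
TIGHTENED = POLICY.replace('"<<ALL FILES>>"', '"${backup.dir}${/}-"')
# Constructed sample values for the variables the file expects.
PROPS = {"derby.install.url": "file:/opt/derby/lib/", "derby.system.home": "/var/derby",
         "derby.drda.host": "localhost", "backup.dir": "/var/backups/derby"}

GRANT = re.compile(r'grant\s+codeBase\s+"([^"]*)"\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')
VAR = re.compile(r'\$\{([^}]+)\}')

def expand(text, props, unset):
    """Expand ${name} as a policy file does; ${/} is the file separator (Unix here)."""
    def sub(m):
        name = m.group(1)
        if name != "/" and name not in props:
            unset.add(name)  # the policy loader ignores entries it cannot expand
            return m.group(0)
        return "/" if name == "/" else props[name]
    return VAR.sub(sub, text)

def audit(policy, props):
    """Return (expanded grants, findings) for a policy text and a property map."""
    grants, findings, unset = [], [], set()
    for codebase, body in GRANT.findall(policy):
        jar = expand(codebase, props, unset)
        for cls, target, actions in PERM.findall(body):
            target = expand(target, props, unset)
            grants.append((jar, cls, target, actions))
            risky = {"write", "delete"} & set(actions.split(","))
            if cls.endswith("FilePermission") and target == "<<ALL FILES>>" and risky:
                findings.append(f"{jar}: {','.join(sorted(risky))} on <<ALL FILES>>")
    findings += [f"unset property: {name}" for name in sorted(unset)]
    return grants, findings
if __name__ == "__main__":
    print(audit(POLICY, PROPS)[1], audit(TIGHTENED, PROPS)[1])
```

Running `audit` with an empty property map shows which `-D` system properties still have to be passed to the JVM that starts the server.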