Richard, Thanks! How does this affect my need for a user based security setup? Also, where, when and how do I use this security file?
Again, much of the explanation of these things in Derby seems left to the Java spec that they conform to - which isn't always the most user friendly. - Alex On 2/20/07, Rick Hillegas <[EMAIL PROTECTED]> wrote:
Hi Alexander, In terms of using a Java Security Manager, there will be better out-of-the-box support for a secure network server in the next feature release (10.3). That work is tracked by https://issues.apache.org/jira/browse/DERBY-2196. Right now, you can grab a generic policy file from the development codeline at java/drda/org/apache/derby/drda/server.policy. I will mouse that file into my reply. You will need to customize some variables in that file in order to fit it to your particular environment. I hope this helps. Here's the moused-in server policy file: grant codeBase "${derby.install.url}derby.jar" { // // These permissions are needed for everyday, embedded Derby usage. // permission java.lang.RuntimePermission "createClassLoader"; permission java.util.PropertyPermission "derby.*", "read"; permission java.io.FilePermission "${derby.system.home}","read"; permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete"; // // This permission lets you backup and restore databases // to and from arbitrary locations in your file system. // // This permission also lets you import/export data to and from // arbitrary locations in your file system. // // You may want to restrict this access to specific directories. // permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; }; grant codeBase "${derby.install.url}derbynet.jar" { // // This permission lets the Network Server manage connections from clients. // permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; }; Alexander Trauzzi wrote: > Greetings to all the Derbites in mailing list land. I have a rather > simple, but potentially complicated question. > > I grabbed a copy of the latest derby-bin distribution. I ran the > scripts required to run it as a network server, just as a quick little > test in the console. > > The first concern I have is that anyone seems to have the ability to > connect to my server and create databases? > I did a bit of searching with Google and also within the derby site > and came up with all kinds of very complicated and confusing > recommendations to "secure" a server. Some were in the manual, > referring to authentication, others involved using a Java security > manager. Neither of which were explained in such a way that I could > easily absorb or put into practical use. Especially the Java security > manager. > > Is there any resource that is straightforward, concise and simple that > can help me set up a derby network server that authenticates based on > username/password pairs? I'm talking MySQL-easy (anyone can set up a > MySQL server!). > > Thank you to all who reply... > > - Alexander Trauzzi
-- _________________________________________________ Alexander Trauzzi
