Alexander Trauzzi wrote: ... > Also, where, when and how do I use this security file?
there's a little walk through on this starting on slides 36-38 of this presentation: http://db.apache.org/derby/binaries/jta-WE15.pdf hth, -jean > Again, much of the explanation of these things in Derby seems left to the > Java spec that they conform to - which isn't always the most user friendly. > > - Alex > > On 2/20/07, Rick Hillegas <[EMAIL PROTECTED]> wrote: > >> >> Hi Alexander, >> >> In terms of using a Java Security Manager, there will be better >> out-of-the-box support for a secure network server in the next feature >> release (10.3). That work is tracked by >> https://issues.apache.org/jira/browse/DERBY-2196. Right now, you can >> grab a generic policy file from the development codeline at >> java/drda/org/apache/derby/drda/server.policy. I will mouse that file >> into my reply. You will need to customize some variables in that file in >> order to fit it to your particular environment. I hope this helps. >> Here's the moused-in server policy file: >> >> grant codeBase "${derby.install.url}derby.jar" >> { >> // >> // These permissions are needed for everyday, embedded Derby usage. >> // >> permission java.lang.RuntimePermission "createClassLoader"; >> permission java.util.PropertyPermission "derby.*", "read"; >> permission java.io.FilePermission "${derby.system.home}","read"; >> permission java.io.FilePermission "${derby.system.home}${/}-", >> "read,write,delete"; >> >> // >> // This permission lets you backup and restore databases >> // to and from arbitrary locations in your file system. >> // >> // This permission also lets you import/export data to and from >> // arbitrary locations in your file system. >> // >> // You may want to restrict this access to specific directories. >> // >> permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; >> }; >> >> grant codeBase "${derby.install.url}derbynet.jar" >> { >> // >> // This permission lets the Network Server manage connections from >> clients. >> // >> permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; >> }; >> >> Alexander Trauzzi wrote: >> > Greetings to all the Derbites in mailing list land. I have a rather >> > simple, but potentially complicated question. >> > >> > I grabbed a copy of the latest derby-bin distribution. I ran the >> > scripts required to run it as a network server, just as a quick little >> > test in the console. >> > >> > The first concern I have is that anyone seems to have the ability to >> > connect to my server and create databases? >> > I did a bit of searching with Google and also within the derby site >> > and came up with all kinds of very complicated and confusing >> > recommendations to "secure" a server. Some were in the manual, >> > referring to authentication, others involved using a Java security >> > manager. Neither of which were explained in such a way that I could >> > easily absorb or put into practical use. Especially the Java security >> > manager. >> > >> > Is there any resource that is straightforward, concise and simple that >> > can help me set up a derby network server that authenticates based on >> > username/password pairs? I'm talking MySQL-easy (anyone can set up a >> > MySQL server!). >> > >> > Thank you to all who reply... >> > >> > - Alexander Trauzzi >> >> > >
