[jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
[ https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-4990:

Attachment: DERBY-4990-2.zip, DERBY-4990-2.stat, DERBY-4990-2.diff

Attaching DERBY-4990-2.diff, DERBY-4990-2.stat, and DERBY-4990-2.zip, with changes to the following Dev Guide files:

M src/devguide/cdevbabejgjd.dita
M src/devguide/cdevcsecure41285.dita
M src/devguide/cdevcsecure863446.dita
M src/devguide/cdevcsecure864242.dita

Granting permissions to Derby: added entry on LDAP grant
LDAP directory service: Added links to JDK documentation on LDAP.
Setting up Derby to use your LDAP directory service: Added mention of LDAP permission grant.
JNDI-specific properties for external directory services: Corrected appendix title and linked to correct URL.

Will this be sufficient? Suggestions are welcome.

> Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
>
> Key: DERBY-4990
> URL: https://issues.apache.org/jira/browse/DERBY-4990
> Project: Derby
> Issue Type: Task
> Components: Documentation
> Reporter: Thomas Hill
> Assignee: Kim Haase
> Attachments: DERBY-4990-2.diff, DERBY-4990-2.stat, DERBY-4990-2.zip, DERBY-4990.diff, DERBY-4990b.diff, tadminnetservcustom.html, tadminnetservcustom.html
>
> The documentation is lacking a statement that defining and using a >custom< security manager template is required when wanting to use LDAP authorization provider in conjunction with the network driver client. driver. Otherwise, i.e. just using the default security policy will lead to socket permission errors. Details on which permission exactly needs to be granted to which code base would be very helpful.
>
> Chapter 'Running Derby under a security manager', section 'granting permissions to Derby' in the Developer's guide seems a good place to mention the permission java.net.SocketPermission as optional, but required to be set when wanting to use LDAP authorization in conjunction with the network client driver and defining the authorisation provider properties as system-level properties.
>
> Adding this to the documentation and preferably also providing some more guidance seems desirable as migrating off the builtin user system to LDAP is strongly recommended and the documentation has explicit statements about security risks otherwise incurred.
>
> I also realized that the template included in the documentation at http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html and the default template included in 10.7.1.1 software are no longer in sync.

-- This message is automatically generated by JIRA. - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
[ https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-4990:

Attachment: tadminnetservcustom.html

Adding output file so people can see the effect of the patch.

> Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
>
> Key: DERBY-4990
> URL: https://issues.apache.org/jira/browse/DERBY-4990
> Project: Derby
> Issue Type: Task
> Components: Documentation
> Reporter: Thomas Hill
> Assignee: Kim Haase
> Attachments: DERBY-4990.diff, DERBY-4990b.diff, tadminnetservcustom.html, tadminnetservcustom.html
[jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
[ https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-4990:

Attachment: DERBY-4990b.diff

Attaching a revised version of this patch which changes the wording to say that a SocketPermission must be granted to the derby.jar codebase, rather than the derbynet.jar codebase. It also inserts an example entry into the shown policy file for LDAP. Thanks to Thomas for noticing!

> Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
>
> Key: DERBY-4990
> URL: https://issues.apache.org/jira/browse/DERBY-4990
> Project: Derby
> Issue Type: Task
> Components: Documentation
> Reporter: Thomas Hill
> Assignee: Kim Haase
> Attachments: DERBY-4990.diff, DERBY-4990b.diff, tadminnetservcustom.html
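The grant that the revised patch above describes, written out as an added example (not the contents of DERBY-4990b.diff or of the Derby documentation). The jar location, LDAP host and port are constructed placeholders.

```text
// Constructed example: fragment of a custom Java security policy file for a
// Derby Network Server that authenticates users against an LDAP directory.
// "file:/opt/derby/lib/" and "ldap.example.com:389" are placeholders.

grant codeBase "file:/opt/derby/lib/derby.jar" {
  // Per the revised patch, the SocketPermission for the directory server
  // is granted to the derby.jar codebase.
  permission java.net.SocketPermission "ldap.example.com:389", "connect,resolve";
};

// The earlier wording named the derbynet.jar codebase. Per the revised
// patch that is the wrong place for this grant, so it is shown commented out.
//
// grant codeBase "file:/opt/derby/lib/derbynet.jar" {
//   permission java.net.SocketPermission "ldap.example.com:389", "connect,resolve";
// };
```

Scoping the permission to one host and port, rather than a wildcard target, keeps the engine's outbound network access limited to the directory server.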
[jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
[ https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-4990:

Issue & fix info: [Patch Available]

> Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
>
> Key: DERBY-4990
> URL: https://issues.apache.org/jira/browse/DERBY-4990
> Project: Derby
> Issue Type: Task
> Components: Documentation
> Reporter: Thomas Hill
> Assignee: Kim Haase
> Attachments: DERBY-4990.diff, tadminnetservcustom.html
[jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
[ https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-4990:

Attachment: tadminnetservcustom.html DERBY-4990.diff

Attaching tadminnetservcustom.html and DERBY-4990.diff, which add another bullet item describing the socket permission needed for LDAP. Please let me know what changes are needed.

> Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
>
> Key: DERBY-4990
> URL: https://issues.apache.org/jira/browse/DERBY-4990
> Project: Derby
> Issue Type: Task
> Components: Documentation
> Reporter: Thomas Hill
> Assignee: Kim Haase
> Attachments: DERBY-4990.diff, tadminnetservcustom.html
