[ http://issues.apache.org/jira/browse/DERBY-474?page=comments#action_12323057 ]
Kathey Marsden commented on DERBY-474: -------------------------------------- Documentation should also be updated to have an appropriate warning about using the bootPassword attribute from a client. . Currently with Network Client embeded attributes are sent as clear text to the server even when encrypted user id and password are specified as the security mechanism. > Improve Network Server security documentation > ---------------------------------------------- > > Key: DERBY-474 > URL: http://issues.apache.org/jira/browse/DERBY-474 > Project: Derby > Type: Improvement > Components: Documentation > Versions: 10.2.0.0 > Reporter: Kathey Marsden > > The network server security documentation should document security manager > permissions needed separate from the example policy file. > The example policy file should separate permissions by jar file. > There should not be examples of starting network server with the -h 0.0.0.0 > option without using security manager. > Risks of running outside of security manager and without user authentication > should be documented. > Discussion should be included about client encrypted user id password and > associated limitations. > The section should mention that there is no data stream encryption with > network server. > http://incubator.apache.org/derby/docs/adminguide/tadminnetservrun.html -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
