[ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13878905#comment-13878905 ]

Myrna van Lunteren commented on DERBY-6438:
-------------------------------------------

Thanks Rick, for updating the policy file...
John, I hope you can let us know if this now works.

Kim, it seems to me that the documenting of the deregister policy as something 
needed also for network server belongs with DERBY-6239, I think you should add 
it there...

I think the JVM vendors are wrong in requiring permissions within the life of a 
version, but I guess that's just me.

And that opens up the question if we should leave this discussion at this bug, 
modify the default policy file in 10.10 to match the changes Rick made, or 
backport DERBY-6224 altogether. And back to what version - presumably 10.8 when 
we started supporting Java 7. Or is this functionality also affecting older 
Derby versions?

Opinions?

> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions: 10.11.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2, 
> 10.10.1.4, 10.11.0.0
>
>         Attachments: 1010_server.policy, 1010_server.policy, 
> 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html, 
> releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it 
> listens to, but this permission is not granted by the basic server policy 
> that's installed by default. This doesn't cause any problems in most cases, 
> since the JVM's default policy grants all code bases SocketPermission 
> "listen" on a range of ports, and Derby's network server port is within that 
> range.
> Still, the network server should not rely on this fact. It is possible to run 
> the network server on any port, not only those ports that happen to be in the 
> range that's given carte blanche by the platform's default policy. The 
> network server will however not be able to run on those ports with the basic 
> policy currently, only with a custom policy or with the security manager 
> disabled.
> The default policy should make this permission explicit.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
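
The situation in the issue description quoted above, as an added example that is not part of the original message or Derby's code: a small audit that reports which grant blocks in a set of Java policy files allow SocketPermission "listen" on a given port. The policy texts, the property names `install.url` and `server.port`, and the port range are constructed for illustration; 1527 is Derby's default network server port.

```python
import re

GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(
    r'permission\s+java\.net\.SocketPermission\s+"([^"]*)"\s*,\s*"([^"]*)"\s*;')

def port_range(target):
    """Port range of a SocketPermission target such as "localhost:1024-"."""
    _host, sep, spec = target.rpartition(":")   # assumes hostname/IPv4 targets
    if not sep or spec in ("", "*"):
        return (0, 65535)                       # no port given: all ports
    low, dash, high = spec.partition("-")
    if not dash:
        return (int(low), int(low))             # single port "N"
    return (int(low or 0), int(high or 65535))  # "N-", "-N", "N1-N2"

def listen_grants(policy_text, port, props=None):
    """Return headers of grant blocks that allow "listen" on the given port."""
    props = props or {}
    # Expand ${name} first so the braces do not confuse grant-block matching.
    text = re.sub(r'\$\{([^}]+)\}', lambda m: props[m.group(1)], policy_text)
    text = re.sub(r'(?m)^\s*//.*$', '', text)   # drop whole-line comments
    hits = []
    for header, body in GRANT_RE.findall(text):
        for target, actions in PERM_RE.findall(body):
            acts = {a.strip().lower() for a in actions.split(",")}
            low, high = port_range(target)
            if "listen" in acts and low <= port <= high:
                hits.append(header.strip() or "<all code>")
    return hits

# Constructed samples: a platform policy with a blanket listen range, a server
# policy without an explicit listen grant, and one with it.
PROPS = {"install.url": "file:/opt/server/", "server.port": "800"}
PLATFORM_DEFAULT = '''grant {
    permission java.net.SocketPermission "localhost:1024-", "listen";
};
'''
SERVER_BASIC = '''grant codeBase "${install.url}server.jar" {
    permission java.net.SocketPermission "*", "accept";
};
'''
SERVER_EXPLICIT = '''grant codeBase "${install.url}server.jar" {
    permission java.net.SocketPermission "*", "accept";
    permission java.net.SocketPermission "localhost:${server.port}", "listen";
};
'''

if __name__ == "__main__":
    for p in (1527, 800):
        print(p, listen_grants(PLATFORM_DEFAULT + SERVER_BASIC, p, PROPS))
```

An empty result for the port the server is configured to use means startup depends on a grant that no policy file actually contains; a result of only `<all code>` means it depends on the platform's blanket grant rather than the server policy.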