[
https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13879223#comment-13879223
]
Mike Matrigali edited comment on DERBY-6438 at 1/22/14 9:49 PM:
----------------------------------------------------------------
I also agree we should put out a single server policy file in 10.10 that works
for as many jvms as possible. If policy files allow, it would be nice to add a
comment in the file noting the param is new for jdk18 and above but should be
ok to include when using releases previous to jdk18 and will have no affect (i
assume). This will be good to get into the upcoming 10.10 apache release will
be targeted at full support of jdk18 when it is actually released.
the question for those of us wanting to support the newest pre-jdk18 releases
coming from oracle now (and from dependent vendors in the near future) on derby
releases prior to 10.10, is what exactly do we need to backport to address this
new issue.
was (Author: mikem):
I also agree we should put out a single server policy file in 10.10 that works
for as many jvms as possible. If policy files allow, it would be nice to add a
comment in the file noting the param is new for jdk18 and above but should be
ok to include when using releases previous to jdk18 and will have no affect (i
assume).
the question for those of us wanting to support the newest pre-jdk18 releases
coming from oracle now (and from dependent vendors in the near future) on derby
releases prior to 10.10, is what exactly do we need to backport to address this
new issue.
> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
> Key: DERBY-6438
> URL: https://issues.apache.org/jira/browse/DERBY-6438
> Project: Derby
> Issue Type: Improvement
> Components: Network Server
> Affects Versions: 10.11.0.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2,
> 10.10.1.4, 10.11.0.0
>
> Attachments: 1010_server.policy, 1010_server.policy,
> 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html,
> releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it
> listens to, but this permission is not granted by the basic server policy
> that's installed by default. This doesn't cause any problems in most cases,
> since the JVM's default policy grants all code bases SocketPermission
> "listen" on a range of ports, and Derby's network server port is within that
> range.
> Still, the network server should not rely on this fact. It is possible to run
> the network server on any port, not only those ports that happen be in the
> range that's given carte blanche by the platform's default policy. The
> network server will however not be able to run on those ports with the basic
> policy currently, only with a custom policy or with the security manager
> disabled.
> The default policy should make this permission explicit.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
