Suresh Thalamati wrote:
Rick Hillegas wrote:
Oystein Grovlen - Sun Norway wrote:
Rick Hillegas wrote:
2) What behavior would we like to see in 10.3 when we control
engine shutdown with Java Security?
I think we need to prevent unauthorized users from bringing down
the network server. I wonder if there is much difference between
the power to shutdown the engine and the power to shutdown the
network server? It makes sense to me that if you don't have the
weaker power to shutdown the engine, then you should not have the
stronger power to shutdown the whole server. Which of the following
behaviors seems best:
i) You cannot shutdown the network server if the engine is still
running and/or databases are still open. Instead, first you must
connect with the engine shutdown url and good credentials as a user
who has Shutdown privilege. Once you have brought down the engine
this way, then you can bring down the network server.
It seems a bit cumbersome for a system administrator to have to
connect to every database before shutting down the server.
I agree. What I had in mind was a little simpler, although still
cumbersome:
a) First the system administrator connects to derby with the master
shutdown url which brings down the whole engine--and by implication,
all of the open databases.
b) Then the system administrator brings down the network server.
I don't understand the reasons behind why you want users to perform
two-steps to shutdown. I think it is not intuitive, I am sure most of
the users will just shutdown the network server (option b) and assume
databases are shutdown too. If the intention is to allow users to
perform of quick shutdown of network server without shutdown of
databases , it should be a different command.
Thanks
-suresh
Thanks, Suresh. I sense that a consensus is building that network
shutdown should be a one step process and that the user should supply
credentials.
Regards,
-Rick
