[
https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12465802
]
John H. Embretsen commented on DERBY-2196:
------------------------------------------
Good work, here are my comments:
a) If I understand this correctly, there is actually no point in using the
security manager when using the shutdown command, right? If so, I agree that
the admin guide example is confusing.
b) Which SocketPermissions will be default (for the start command)? Granting
"accept, connect, resolve" for "localhost" and "127.0.0.1", or something else?
c) I think the spec could be clearer on which parts of the basic policy will
depend on parameters/options. Or, which parameters/options will/might impact
the basic policy.
d) Regarding the upgrade scenarios, I think it would be better (less
misleading) to call the "Insecure Standalone Server" scenario "Default
Standalone Server" or something to that regard instead, since the server is
only (totally) insecure with old versions, not new ones.
e) I think it is good to have a relatively easy way to disable automatic
security manager installation. Whether the option is called -i,
-disableSecurityManager or something else does not matter much to me.
f) At first I was thinking that "None" is a more intuitive name for the "Open"
policy (because no "real" policy is used), but I guess it doesn't matter. Just
thinking out loud ;)
> Run standalone network server with security manager by default
> --------------------------------------------------------------
>
> Key: DERBY-2196
> URL: https://issues.apache.org/jira/browse/DERBY-2196
> Project: Derby
> Issue Type: Improvement
> Components: Network Server, Security
> Reporter: Daniel John Debrunner
> Attachments: secureServer.html
>
>
> From an e-mail discussion:
> ... Derby should match the security provided by typical client server
> systems such as DB2, Oracle, etc. I
> think in this case system/database owners are trusting the database
> system to ensure that their system cannot be attacked. So maybe if Derby
> is booted as a standalone server with no security manager involved, it
> should install one with a default security policy. Thus allowing Derby
> to use Java security manager to manage system privileges but not
> requiring everyone to become familiar with them.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/[EMAIL
> PROTECTED]
> I imagine such a policy would allow any access to databases under
> derby.system.home and/or user.home.
> By standalone I mean the network server was started through the main() method
> (command line).