[jira] Commented: (DERBY-2196) Run standalone network server with security manager by default

Tue, 06 Feb 2007 09:23:27 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12470651
 ] 

Rick Hillegas commented on DERBY-2196:
--------------------------------------

Dan> Do we really need a 'policy' command? Why not just have the basic policy 
file in the release folder under a new folder such as security or policies? 
Much easier for anyone to find rather than having to learn a command.

When we started out, it looked as though the policy file might have to be 
parameterized according to command line arguments. I'm cautiously hopeful right 
now that that is no longer true. That means the only variables in the policy 
file now are the language-sensitive comments which explain how to customize the 
file. I suppose that's just a piece of sugar and we could rely on the user 
guides to handle this.

I'm not clear on what you mean by "release directory". Do you think that we 
should create a new subdirectory called "security" which is parallel to bin, 
doc, and lib?

> Run standalone network server with security manager by default
> --------------------------------------------------------------
>
>                 Key: DERBY-2196
>                 URL: https://issues.apache.org/jira/browse/DERBY-2196
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server, Security
>            Reporter: Daniel John Debrunner
>         Assigned To: Rick Hillegas
>         Attachments: derby-2196-01-print-01.diff, 
> derby-2196-01-print-02.diff, secureServer.html, secureServer.html, 
> secureServer.html, secureServer.html, secureServer.html
>
>
> From an e-mail discussion:
> ... Derby should match the security  provided by typical client server 
> systems such as DB2, Oracle, etc. I 
> think in this case system/database owners are trusting the database 
> system to ensure that their system cannot be attacked. So maybe if Derby 
> is booted as a standalone server with no security manager involved, it 
> should install one with a default security policy. Thus allowing Derby 
> to use Java security manager to manage system privileges but not 
> requiring everyone to become familiar with them.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/[EMAIL 
> PROTECTED]
> I imagine such a policy would allow any access to databases under 
> derby.system.home and/or user.home.
> By standalone I mean the network server was started though the main() method 
> (command line).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to