[jira] Commented: (DERBY-2196) Run standalone network server with security manager by default

Tue, 06 Feb 2007 10:00:38 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12470675
 ] 

Daniel John Debrunner commented on DERBY-2196:
----------------------------------------------

The codebases can also be properties, look at the policy file for the test 
harness.

Yes I mean a security subdirectory in the release directory, but it could be 
done other ways, a example in the documentation that could be cut & pasted 
might be enough. The expectation is the file is going to be modified anyway.

If we do have a security directory I wasn't thinking that the network server 
would use the file from that location, it might be easier to keep the policy 
file contained in the network jar file. We don't need to "maintain" such a file 
in two locations as they can be sourced from the same location during the 
build. With that a better name for the subdirectory might be "example" or 
"templates"  or something along those lines.

> Run standalone network server with security manager by default
> --------------------------------------------------------------
>
>                 Key: DERBY-2196
>                 URL: https://issues.apache.org/jira/browse/DERBY-2196
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server, Security
>            Reporter: Daniel John Debrunner
>         Assigned To: Rick Hillegas
>         Attachments: derby-2196-01-print-01.diff, 
> derby-2196-01-print-02.diff, secureServer.html, secureServer.html, 
> secureServer.html, secureServer.html, secureServer.html
>
>
> From an e-mail discussion:
> ... Derby should match the security  provided by typical client server 
> systems such as DB2, Oracle, etc. I 
> think in this case system/database owners are trusting the database 
> system to ensure that their system cannot be attacked. So maybe if Derby 
> is booted as a standalone server with no security manager involved, it 
> should install one with a default security policy. Thus allowing Derby 
> to use Java security manager to manage system privileges but not 
> requiring everyone to become familiar with them.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/[EMAIL 
> PROTECTED]
> I imagine such a policy would allow any access to databases under 
> derby.system.home and/or user.home.
> By standalone I mean the network server was started though the main() method 
> (command line).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to