[
https://issues.apache.org/jira/browse/DERBY-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12483715
]
Daniel John Debrunner commented on DERBY-2466:
----------------------------------------------
I think having the same policy file for a secure environment and a template is
not a good approach.
It leads to additional security analysis for the secure environment, e.g. in
this case how does the getPolicy permission affect security? If it isn't there,
then there's no need to worry about it.
It can lead to lower security for the secure environment if the entries only
for template purposes can somehow be abused.
It's not like there's a huge amount of effort in creating a different template
file, the contents are not that complex.
> Allow dynamic reloading of the security policy file
> ---------------------------------------------------
>
> Key: DERBY-2466
> URL: https://issues.apache.org/jira/browse/DERBY-2466
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Rick Hillegas
> Assigned To: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: derby-2466-01.diff
>
>
> The spec attached to DERBY-2109 describes how to allow the policy file to be
> dynamically reloaded while a server is running: We add a getPolicy permission
> to the Basic policy and we add a DBA-owned system procedure,
> SYSCS_UTIL.SYSCS_REFRESH_SECURITY_POLICY(), which reloads the policy file.
> This JIRA tracks that work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
