So far there doesn't seem to be much controversy about installing a
security manager if the user forgets to. Please correct me if the
security-manager-installation is controversial too.
The controversy I'm aware of seems to be this: should we fail to boot
the server if authentication is turned off? There seem to be several
proposed solutions. All of these proposals install a security manager at
server-boot time if the user neglects to. All of these proposals also
provide a command line option which forces the server to boot even if
Derby thinks it's a bad idea:
1) Flunk the boot if authentication is turned off (current 10.3 behavior).
2) Flunk the boot only if authentication is turned off and the server is
listening on something other than localhost.
3) Don't flunk the boot.
There is a related issue of whether to print/log a diagnostic if the
server comes up in what it considers an unsafe configuration. I think
this can be addressed by DERBY-1056 later on.
I vote for option (3). It completely removes the incompatibility which
people are concerned about.
Regards,
-Rick
