Hi John,
Thanks for testing this. A couple of comments follow...
John Embretsen wrote:
In relation to DERBY-2109 (System privileges) I decided to apply the principle of "learning by doing", and started to experiment with a customized version of the template policy file for the network server.

This is described in the Server and Administration guide at http://db.apache.org/derby/docs/dev/adminguide/tadminnetservcustom.html

In trunk, the template policy file is at java/drda/org/apache/derby/drda/template.policy.

I found that we might be able to simplify the documentation somewhat, if the following is correct:
--- ---
1) The docs say:

"Replace the ${derby.system.home} variable with the location of your Derby system directory. Alternatively, rather than replacing this variable, you can simply set the value of the derby.system.home system property when you boot the server."

I found that my custom policy worked (starting server, connecting, creating database, writing and reading data, shutting down...) even if I did not set derby.system.home (explicitly) and did not replace ${derby.system.home} in my policy file. Does this mean that we may remove this bullet from the docs?
Probably not. You may end up having all the permissions that you need because, later on in the template file, read/write/delete permission is blanket-granted to all locations in the file system. If the customer actually restricts that blanket grant (as we recommend), then they will need the specific grants to locations under ${derby.system.home}. The very first call to the permissions-checker will fault in the policy file. At that time, the security manager needs to be able to resolve derby.system.home in order to give Derby the file permissions it needs.
2) The docs say:

"Replace the ${derby.security.host} variable with the address of the network interface on which the server is listening. Note that the special wildcard address "0.0.0.0" is not understood by SocketPermission, even though Derby accepts this wildcard as a valid value for the -h option of the Network Server startup command. If you must grant blanket permission to this wildcard address, specify "*" in the policy file."

I found no reference to ${derby.security.host} in the template policy file; the default value was already "*" for permission java.net.SocketPermission. Should we remove this bullet from the docs?
Thanks for finding this. The bullet should be rewritten to refer to what's actually in the template file. We should still tell the customer that they may want to adjust the socket permission based on their server startup settings.
--- ---
Also, I suspect that some users may find it easier to set the property derby.install.url when starting the server instead of replacing it with a fixed value in the policy file (as recommended by the docs). Could this have any side-effects?
I'm not smart enough to know whether this will open up any wormholes. I think that the user guide's silence is fine and maybe prudent.
Thanks,
-Rick
thanks,
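The two points above (the file-system grant that should be scoped to ${derby.system.home} rather than blanket-granted, and the socket permission that should match the interface the server actually listens on) can be illustrated with a constructed policy fragment. This is an added example, not Derby's template.policy and not text from either writer; the codeBase URL, the `<<ALL FILES>>` form of the weak grant, the use of a `derby.security.host` system property and the PropertyPermission line are all assumptions made for the illustration.

```policy
// Constructed illustration of a hardened network-server grant.
// Assumes the server jar is located via the derby.install.url
// system property, as suggested in the thread.
grant codeBase "${derby.install.url}derbynet.jar"
{
  // Weak form (commented out): every path on the machine is writable.
  // permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

  // Restricted form: the Derby system directory and everything beneath it.
  // ${derby.system.home} must resolve when the policy is first read, i.e.
  // pass -Dderby.system.home=... at startup or hard-code the path here.
  permission java.io.FilePermission "${derby.system.home}", "read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";

  // Weak form (commented out): accept connections from any host.
  // permission java.net.SocketPermission "*", "accept,connect,resolve";

  // Restricted form: only the listening interface. derby.security.host is an
  // assumed property set with -Dderby.security.host=<address>; it must be a
  // real host or address, since SocketPermission does not understand 0.0.0.0.
  permission java.net.SocketPermission "${derby.security.host}", "accept,connect,resolve";

  // Assumed: the server reads its own derby.* properties; grant read only.
  permission java.util.PropertyPermission "derby.*", "read";
};
```

A point worth checking when testing such a file: if a `${property}` inside a permission entry cannot be expanded because the property is unset, the Java policy parser drops that permission entry rather than failing loudly, so a server started without -Dderby.system.home under a security manager will simply lack the file permissions and fail on its first database access. Starting with `-Djava.security.manager -Djava.security.policy=<file> -Dderby.system.home=<dir> -Dderby.security.host=<address>` and the matching `-h <address>` on the NetworkServerControl command line keeps the policy and the listener in agreement.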