[jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver

Mon, 31 Jan 2011 13:41:53 -0800 

     [ 
https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kim Haase updated DERBY-4990:
-----------------------------

    Attachment: tadminnetservcustom.html
                DERBY-4990.diff

Attaching tadminnetservcustom.html and DERBY-4990.diff, which add another 
bullet item describing the socket permission needed for LDAP. Please let me 
know what changes are needed.

> Documentation should state a custom security policy being required to use 
> LDAP in conjunction with network driver
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4990
>                 URL: https://issues.apache.org/jira/browse/DERBY-4990
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation
>            Reporter: Thomas Hill
>            Assignee: Kim Haase
>         Attachments: DERBY-4990.diff, tadminnetservcustom.html
>
>
> The documentation is lacking a statement that defining and using a >custom< 
> security manager template is required when wanting to use LDAP authorization 
> provider in conjunction with the network driver client. driver. Otherwise, 
> i.e. just using the default security policy will lead to socket permission 
> errors. Details on which permission exactely needs to be granted to which 
> code base would be very helpful.
> Chapter 'Running Derby under a security manager', section 'granting 
> permissions to Derby' in the Developer's guide seems a good place to mention 
> the permission java.net.SocketPermission as optional, but required to be set 
> when wanting to use LDAP authorization in conjunction with the network client 
> driver and defining the authorisation provider properties as system-level 
> properties.
> Adding this to the documentation and preferrably also providing some more 
> guidance seems desirable as migrating off the builtin user system to LDAP is 
> strongly recommened and the documentation has explicit statements about 
> security risks otherwise incurred. 
> I also realized that the template included in the documentation at 
> http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html and 
> the default template included in 10.7.1.1 software are no longer in sync.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to