[ https://issues.apache.org/jira/browse/DERBY-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13097971#comment-13097971 ]
Rick Hillegas commented on DERBY-5400:
--------------------------------------
Good question. I don't think we have defined this term. I am using it as
shorthand for "the person who boots the VM which runs Derby". That person
enjoys the following powers (some of which overlap):
1) The power to set the Java security policy.
2) The power to set the classpath, bringing in application software (and maybe
malware).
3) The power to set Derby properties at the system level.
4) The power to set the authentication mechanism.
5) The power to enable SSL/TLS encryption.
6) The power to set file permissions (via umask and access control lists).
7) The power to set the port/host information for the network server and to
enable network tracing.
Is "system administrator" a bad name for this person? Would some other term be
better, like "VM administrator", "VM owner", "booter", "security czar", ...?
Thanks.
> Toggling of network tracing should be protected by requiring the user to
> specify the credentials of the system administrator.
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-5400
> URL: https://issues.apache.org/jira/browse/DERBY-5400
> Project: Derby
> Issue Type: Bug
> Components: Network Server
> Affects Versions: 10.9.0.0
> Reporter: Rick Hillegas
>
> For servers which are brought up with the system administrator's credentials,
> we should require those credentials to be specified when turning network
> tracing on and off.