Modified:
websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html
==============================================================================
---
websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html
(original)
+++
websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html
Thu May 3 16:33:58 2018
@@ -98,10 +98,14 @@ grant codeBase "${derby.install.url}derb
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
//
- // You may want to restrict this access to specific directories.
+ // NOTE: this permission is commented out. You should NOT grant blanket
+ // permission to the entire filesystem! If you choose to use this
+ // permission to allow the server to access files outside of the
+ // server's home directory, you should name those specific directories
+ // in the permisson (that is, do NOT specify ALL FILES).
//
- permission java.io.FilePermission "<<ALL FILES>>",
- "read,write,delete";
+ // permission java.io.FilePermission "<<ALL FILES>>",
+ // "read,write,delete";
// Permissions needed for JMX based management and monitoring.
//
@@ -187,10 +191,11 @@ grant codeBase "${derby.install.url}derb
//
//permission java.net.SocketPermission "*", "connect,resolve";
- // Needed by sysinfo. The file permission is needed to
- // check the existence of jars on the classpath. You can
- // limit this permission to just the locations which hold
- // your jar files.
+ // Needed by sysinfo. A file permission is needed to check the existence of
+ // jars on the classpath. Note that this permission is commented out!
+ // You should limit this permission to just the locations which hold
+ // your jar files; do NOT grant blanket permission to read the entire
+ // filesystem.
//
// In this template file, this block of permissions is granted
// to derbynet.jar under the assumption that derbynet.jar is
@@ -212,7 +217,8 @@ grant codeBase "${derby.install.url}derb
permission java.util.PropertyPermission "java.runtime.version", "read";
permission java.util.PropertyPermission "java.fullversion", "read";
permission java.lang.RuntimePermission "getProtectionDomain";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
+ // permission java.io.FilePermission "${derby.install.directory}${/}-",
+ // "read";
};</pre>
</div>
Modified: websites/production/db/content/derby/docs/10.14/security/secderby.pdf
==============================================================================
Binary files - no diff available.
Modified:
websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html
==============================================================================
---
websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html
(original)
+++
websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html
Thu May 3 16:33:58 2018
@@ -54,11 +54,19 @@ manager, the Network Server installs a d
enforces a Basic policy.</p>
<div class="section">
-<p>You are encouraged to customize this policy to fit the security needs of
your
+<p>You are strongly encouraged to customize this policy to fit the security
needs of your
application and its runtime environment.</p>
<p>You may also run the Network Server without a security manager, although
this
-is not recommended.</p>
+is not recommended.
+Without a security manager in place, the Network Server should not
+be deployed in such a manner as to allow for connections from untrusted
+networks.
+A firewall or other security tool should be used in such a scenario.</p>
+
+<p>A firewall or other security tool is also good practice
+in addition to running the Network Server with a carefully-written
+security policy file.</p>
<p>The default policy is used if you boot the Network Server as your VM's entry
point, using a command like the following:</p>
Modified: websites/production/db/content/derby/docs/10.14/tools/derbytools.pdf
==============================================================================
Binary files - no diff available.
Modified:
websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html
==============================================================================
--- websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html
(original)
+++ websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html
Thu May 3 16:33:58 2018
@@ -39,7 +39,7 @@
<div>
<div class="section"> <p><img src="../images/logowithtext.jpg" alt="Logo for
Apache Derby" /></p>
- <p>Copyright 2004-2017 The Apache Software Foundation</p>
+ <p>Copyright 2004-2018 The Apache Software Foundation</p>
<p> Licensed
under the Apache License, Version 2.0 (the "License"); you may not use this
file except in compliance with the License. You may obtain a copy of the
License
Modified:
websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html
==============================================================================
--- websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html
(original)
+++ websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html
Thu May 3 16:33:58 2018
@@ -39,7 +39,7 @@
<div>
<div class="section"> <p><img src="../images/logowithtext.jpg" alt="Logo for
Apache Derby" /></p>
- <p>Copyright 2004-2017 The Apache Software Foundation</p>
+ <p>Copyright 2004-2018 The Apache Software Foundation</p>
<p> Licensed
under the Apache License, Version 2.0 (the "License"); you may not use this
file except in compliance with the License. You may obtain a copy of the
License
Modified: websites/production/db/content/derby/docs/10.14/tuning/tuningderby.pdf
==============================================================================
Binary files - no diff available.
