Modified: websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html ============================================================================== --- websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html (original) +++ websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html Thu May 3 16:33:58 2018 @@ -98,10 +98,14 @@ grant codeBase "${derby.install.url}derb // This permission also lets you import/export data to and from // arbitrary locations in your file system. // - // You may want to restrict this access to specific directories. + // NOTE: this permission is commented out. You should NOT grant blanket + // permission to the entire filesystem! If you choose to use this + // permission to allow the server to access files outside of the + // server's home directory, you should name those specific directories + // in the permisson (that is, do NOT specify ALL FILES). // - permission java.io.FilePermission "<<ALL FILES>>", - "read,write,delete"; + // permission java.io.FilePermission "<<ALL FILES>>", + // "read,write,delete"; // Permissions needed for JMX based management and monitoring. // @@ -187,10 +191,11 @@ grant codeBase "${derby.install.url}derb // //permission java.net.SocketPermission "*", "connect,resolve"; - // Needed by sysinfo. The file permission is needed to - // check the existence of jars on the classpath. You can - // limit this permission to just the locations which hold - // your jar files. + // Needed by sysinfo. A file permission is needed to check the existence of + // jars on the classpath. Note that this permission is commented out! + // You should limit this permission to just the locations which hold + // your jar files; do NOT grant blanket permission to read the entire + // filesystem. // // In this template file, this block of permissions is granted // to derbynet.jar under the assumption that derbynet.jar is @@ -212,7 +217,8 @@ grant codeBase "${derby.install.url}derb permission java.util.PropertyPermission "java.runtime.version", "read"; permission java.util.PropertyPermission "java.fullversion", "read"; permission java.lang.RuntimePermission "getProtectionDomain"; - permission java.io.FilePermission "<<ALL FILES>>", "read"; + // permission java.io.FilePermission "${derby.install.directory}${/}-", + // "read"; };</pre> </div>
Modified: websites/production/db/content/derby/docs/10.14/security/secderby.pdf ============================================================================== Binary files - no diff available. Modified: websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html ============================================================================== --- websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html (original) +++ websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html Thu May 3 16:33:58 2018 @@ -54,11 +54,19 @@ manager, the Network Server installs a d enforces a Basic policy.</p> <div class="section"> -<p>You are encouraged to customize this policy to fit the security needs of your +<p>You are strongly encouraged to customize this policy to fit the security needs of your application and its runtime environment.</p> <p>You may also run the Network Server without a security manager, although this -is not recommended.</p> +is not recommended. +Without a security manager in place, the Network Server should not +be deployed in such a manner as to allow for connections from untrusted +networks. +A firewall or other security tool should be used in such a scenario.</p> + +<p>A firewall or other security tool is also good practice +in addition to running the Network Server with a carefully-written +security policy file.</p> <p>The default policy is used if you boot the Network Server as your VM's entry point, using a command like the following:</p> Modified: websites/production/db/content/derby/docs/10.14/tools/derbytools.pdf ============================================================================== Binary files - no diff available. Modified: websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html ============================================================================== --- websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html (original) +++ websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html Thu May 3 16:33:58 2018 @@ -39,7 +39,7 @@ <div> <div class="section"> <p><img src="../images/logowithtext.jpg" alt="Logo for Apache Derby" /></p> - <p>Copyright 2004-2017 The Apache Software Foundation</p> + <p>Copyright 2004-2018 The Apache Software Foundation</p> <p> Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License Modified: websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html ============================================================================== --- websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html (original) +++ websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html Thu May 3 16:33:58 2018 @@ -39,7 +39,7 @@ <div> <div class="section"> <p><img src="../images/logowithtext.jpg" alt="Logo for Apache Derby" /></p> - <p>Copyright 2004-2017 The Apache Software Foundation</p> + <p>Copyright 2004-2018 The Apache Software Foundation</p> <p> Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License Modified: websites/production/db/content/derby/docs/10.14/tuning/tuningderby.pdf ============================================================================== Binary files - no diff available.