Re: Database commands for Karaf

2012-01-17 Thread Andreas Pieber
2012/1/17 Jean-Baptiste Onofré > Hi guys, > > let me try to summarise the different options: > - include in Karaf: it's not a good idea as the commands scope is not > purely container related > - include in a Karaf sub-project (as Karaf Extra on google, or a pure > sub-project as Cellar, WebConso

Re: Database commands for Karaf

2012-01-16 Thread Jean-Baptiste Onofré
Hi guys, let me try to summarise the different options: - include in Karaf: it's not a good idea as the commands scope is not purely container related - include in a Karaf sub-project (as Karaf Extra on google, or a pure sub-project as Cellar, WebConsole, Cave and EIK). Pros: we control/are th

Re: Database commands for Karaf

2012-01-16 Thread Łukasz Dywicki
Hey all, I would opt for some from Apache repositories too, since we all have access to them. I prefer ServiceMix as the destination project for the following reasons: 1) We have more Karaf committers in ServiceMix than in any other project listed before 2) Our communities in past was strict

Re: Database commands for Karaf

2012-01-16 Thread Ioannis Canellos
> I think the most appropriate place for this kind of stuff is geronimo > since the general idea for geronimo is to provide EE functionality that > elaborates other projects. Yeah, Geronimo would be a great place too, as long as it can provide a feature descriptor that would allow its use in plain

Re: Database commands for Karaf

2012-01-16 Thread David Jencks
I think the most appropriate place for this kind of stuff is geronimo since the general idea for geronimo is to provide EE functionality that elaborates other projects. We have a "components" set of subprojects already. (we also have this kind of functionality in the geronimo admin console alre

Re: Database commands for Karaf

2012-01-16 Thread Christian Schneider
I would be fine with both options. Christian On 16.01.2012 13:23, Jean-Baptiste Onofré wrote: As these commands concern the "Enterprise Section" (datasource, database, connection factory, etc), we can: - as I said in my first e-mail, store it in Aries (as Aries provides connection pool suppo

Re: Database commands for Karaf

2012-01-16 Thread Jean-Baptiste Onofré
As these commands concern the "Enterprise Section" (datasource, database, connection factory, etc), we can: - as I said in my first e-mail, store it in Aries (as Aries provides connection pool support, JPA, and the other enterprise features) - in KarafEE, depending on the OpenEJB guys Regards J

Re: Database commands for Karaf

2012-01-16 Thread Ioannis Canellos
What do you think about having that stuff as part of KarafEE which is currently hosted as an OpenEJB subproject? It seems that it's the ideal place to host those, it will reduce the maintenance overhead of having another subproject. On 16 Jan 2012, at 1:54 PM, Achim Nierbeck wrote: > +1 for

Re: Database commands for Karaf

2012-01-16 Thread Achim Nierbeck
+1 for starting a Karaf-Extras on GitHub, as an osgi-geek-store ;) for new fancy stuff to put on top of Karaf. Achim 2012/1/16 Andreas Pieber > On Mon, Jan 16, 2012 at 10:41, Achim Nierbeck >wrote: > > > You are certainly right, that the new db-command doesn't impose more > > security threats,

Re: Database commands for Karaf

2012-01-16 Thread Andreas Pieber
On Mon, Jan 16, 2012 at 10:41, Achim Nierbeck wrote: > You are certainly right, that the new db-command doesn't impose more > security threats, than > what we have already on board. It just makes it much simpler :) > But to get back to the original question raised here I still don't think > t

Re: Database commands for Karaf

2012-01-16 Thread Achim Nierbeck
You are certainly right, that the new db-command doesn't impose more security threats, than what we have already on board. It just makes it much simpler :) But to get back to the original question raised here I still don't think the core of Karaf is the main scope for additional nice features,

Re: Database commands for Karaf

2012-01-16 Thread Guillaume Nodet
The real problem about securing the shell is that the shell allows the use of introspection. So even if we put authorization at the command level, anybody can easily access the osgi bundle context and really do mostly everything from there. So in order to secure the shell, we'd have to disable scri

Re: Database commands for Karaf

2012-01-16 Thread Jean-Baptiste Onofré
Hi Achim, FYI, last week I raised: https://issues.apache.org/jira/browse/KARAF-1148 The purpose is to use the Karaf JAAS layer (and group especially), to define security policy associated (for instance, this group can launch this command or access to this MBean, but not this group). Regards

Re: Database commands for Karaf

2012-01-16 Thread Achim Nierbeck
Hi, I pretty much liked the idea of Claus, that a "app-store" kind-of-thing could be the home for such neat shell/other-stuff improvements on top of Karaf. I'm -1 for adding it into the scope of Karaf, cause it's plainly out of scope. Nevertheless I think this is quite a handy shell command that

Re: Database commands for Karaf

2012-01-15 Thread Andreas Pieber
Well, TBH as long as we do not lay down our roadmap what we expect from Karaf's application service security (although Claus wrote down quite a detailed idea :-)) I somehow have the feeling that this is the wrong thread for a discussion about the security of those commands. --> @Commands: I still t

Re: Database commands for Karaf

2012-01-15 Thread Łukasz Dywicki
In reply to Claus Ibsen's mail > Well there is a problem, if anyone who can ssh into karaf, can execute > any arbitrary SQL against any data sources deployed, and being able to > hide using the credentials from the application level data source. If > the user would always have to provide a username/

Re: Database commands for Karaf

2012-01-15 Thread Claus Ibsen
On Sun, Jan 15, 2012 at 2:56 PM, Christian Schneider wrote: > I see no real security problem in the commands themselves. The DataSource is > a security risk though. Typically datasources are defined with full > credentials of a technical user that may access the database. So whoever > logs into ka

Re: Database commands for Karaf

2012-01-15 Thread Claus Ibsen
On Sun, Jan 15, 2012 at 1:43 PM, David Jencks wrote: > I don't quite understand the security problem, but maybe I'm thinking of a > different environment.  I would expect an environment where the db enforces > user level access to that user's data to be set up in the app server using > containe

Re: Database commands for Karaf

2012-01-15 Thread Christian Schneider
I see no real security problem in the commands themselves. The DataSource is a security risk though. Typically datasources are defined with full credentials of a technical user that may access the database. So whoever logs into karaf has access to the db with that technical user. Typically on a

Re: Database commands for Karaf

2012-01-15 Thread David Jencks
I don't quite understand the security problem, but maybe I'm thinking of a different environment. I would expect an environment where the db enforces user level access to that user's data to be set up in the app server using container based security, where the app server maps the user identity

Re: Database commands for Karaf

2012-01-15 Thread Claus Ibsen
Hi At first thought the commands seem cool. However, in one part (the SQL execute) they risk introducing a security vulnerability, as a malicious user can use these commands to access production database, and manipulate the data. And by using the same datasource/connection that applications use, so i

Re: Database commands for Karaf

2012-01-15 Thread Christian Schneider
te Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://wwx.talend.com - Reply message - From: "Christian Schneider" To: Subject: Database commands for Karaf Date: Fri, Jan 13, 2012 5:13 pm Hi all, as part of my Karaf Tutorial about database access I have written some handy

Re: Database commands for Karaf

2012-01-14 Thread Ioannis Canellos
I agree with Andreas here. I think that they are beyond Karaf's scope. Maybe they should be part of ServiceMix or another project. -- *Ioannis Canellos* * FuseSource ** Blog: http://iocanel.blogspot.com ** Apache Karaf Committer & PMC Apache Ca

Re: Database commands for Karaf

2012-01-14 Thread Andreas Pieber
>> But maybe in Aries as we have connection factory, etc ? >> >> Regards >> JB >> >> -- >> Jean-Baptiste Onofré >> jbono...@apache.org >> http://blog.nanthrax.net >> Talend - http://wwx.talend.com >> >> - Reply message

Re: Database commands for Karaf

2012-01-13 Thread Christian Schneider
Christian Am 13.01.2012 17:25, schrieb j...@nanthrax.net: +1 But maybe in Aries as we have connection factory, etc ? Regards JB -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://wwx.talend.com - Reply message - From: "Christian Schneider"

Re: Database commands for Karaf

2012-01-13 Thread j...@nanthrax.net
+1 But maybe in Aries as we have connection factory, etc ? Regards JB -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://wwx.talend.com - Reply message - From: "Christian Schneider" To: Subject: Database commands for Karaf Date: Fri, Jan

Database commands for Karaf

2012-01-13 Thread Christian Schneider
Hi all, as part of my Karaf Tutorial about database access I have written some handy Karaf shell commands for databases. They are described with screen dumps in my Tutorial http://www.liquid-reality.de/x/LYBk . Especially for embedded databases like derby and h2 I missed a simple access to th