db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "SecurityExpectations" by RichardHillegas
Date Mon, 08 Jan 2007 14:53:13 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by RichardHillegas:

  || '''Policy''' || '''Description''' ||
  || '''Basic''' || This would be a generic, default policy. This policy would try to be both
secure-by-default and usable out-of-the-box. ||
  || '''Customized''' || This would be a user-modified, application-specific policy which
tightens or loosens the Basic rules. ||
- || '''Exposed''' || This is today's anything-goes policy. ||
+ || '''Open''' || This is today's anything-goes policy. ||
  We would like to make it easy to configure any of these policies. Policy details follow.
@@ -79, +79 @@

  `    java org.apache.derby.drda.NetworkServerControl shutdown -b -p 1368`
+ A variation on this approach would be to give !NetworkServerControl a new command, "print-policy",
in addition to "start" and "shutdown". Note that the policy files differ for "start" vs."shutdown"
and the policy files also differ based on other command line flags. A "print-policy" command
would have to handle all of the variety of the "start" and "shutdown" commands. For this reason,
it seems simpler to model policy-file-emitting as a qualification of the existing commands
rather than as a command in its own right.
- == Details of Exposed Policy ==
+ == Details of Open Policy ==
  Other customers may not want to run the network server under a !SecurityManager at all.
For instance:

View raw message