db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "DerbyTenThreeRelease" by DanDebrunner
Date Thu, 22 Feb 2007 20:21:23 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/DerbyTenThreeRelease

------------------------------------------------------------------------------
  The Secure Server work ([https://issues.apache.org/jira/browse/DERBY-2196 DERBY-2196]) introduces
the following incompatibility during upgrade from release 10.2:
  
  || '''Scenario''' || '''Old behavior''' || '''New behavior''' || '''Customer needs to make
these changes...''' ||
- ||  '''Unsecure with authentication'''|| In this scenario, !NetworkServerControl is the
main entry point for the VM and the VM starts up without a !SecurityManager. However, the
customer has set the system property derby.connection.requireAuthentication=true|| The server
comes up as before. However, under the hood,  !NetworkServerControl installs a !SecurityManager.
This may affect the running of customer-written procedures and functions. For instance, it
may affect whether application code can perform sensitive operations like file i/o, system-property-reading,
classloading, etc.. The customer may need to add privileged blocks to her code so that the
application can run under a !SecurityManager.|| Probably the customer does not need to do
anything. However, the customer may need to bring the server up with the -noSecurityManager
flag if the !SecurityManager causes her  problems--for instance, if she does not want to add
privileged blocks to her procedures and functions.||
+ ||  '''Unsecure with authentication'''|| In this scenario, !NetworkServerControl is the
main entry point for the VM and the VM starts up without a !SecurityManager. However, the
customer has set the system property derby.connection.requireAuthentication=true|| The server
comes up as before. However, under the hood,  !NetworkServerControl installs a !SecurityManager.
This may affect the running of customer-written procedures and functions. Application code
within routines will no longer be able to perform operations that require security checks
like file i/o, system-property-reading, classloading, etc.. || The customer does not need
to do anything if her routines are not perfoming such operations. If her routines are performing
such operations then there are (at least) two choices. 1) Bring the server up with the -noSecurityManager
flag if the !SecurityManager causes her problems--for instance, if she does not want to add
privileged blocks to her procedures and functions. 2)
  Bring the server up with her own security manager and policy file. ||
  ||  '''Unsecure with no authentication'''|| In this scenario, !NetworkServerControl is the
main entry point for the VM and the VM starts up without a !SecurityManager. In addition,
the system property derby.connection.requireAuthentication is not set to true|| The server
fails to come up because user authentication is not turned on.|| The customer must either
turn on user authentication or bring the server up with the -noSecurityManager flag. ||
  
  

Mime
View raw message