db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bpendle...@apache.org
Subject svn commit: r535912 - /db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita
Date Mon, 07 May 2007 15:46:50 GMT
Author: bpendleton
Date: Mon May  7 08:46:49 2007
New Revision: 535912

URL: http://svn.apache.org/viewvc?view=rev&rev=535912
DERBY-1054: NetServlet does not allow binding to non localhost interface

This change modifies the admin guide pages for the NetServlet class to
describe the new host parameter which can be passed in via the web.xml file.

The page also explains the security implications to setting a non-localhost
value for the host. Such a server should be properly configured so that
access to it is authenticated and secured.


Modified: db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita?view=diff&rev=535912&r1=535911&r2=535912
--- db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita Mon May  7 08:46:49 2007
@@ -39,6 +39,10 @@
 same JVM.</li></ul></note>
 <p>The servlet takes the following optional configuration parameters:</p>
+<dd>Specifies the host name to be used by the Network Server.
+See the Security Considerations section below.</dd>
 <dd>Specifies the port number to be used by the Network Server.</dd>
@@ -50,6 +54,18 @@
 <dd>Specifies the location for trace files. If the tracing directory is not
 specified, the traces are placed in <i>derby.system.home</i>.</dd>
+<section><title>Security Considerations</title><p>
+For general security considerations for the Network Server, see
+<xref href="cadminnetservsecurity.dita"></xref>.</p><p>
+The "host" parameter allows configuration of the host name that will
+be used for the listening socket for network connections. By default,
+the Network Server will listen to requests only on the loopback
+address, which means that it will only accept connections from the
+local host. Changing this value could expose the server to
+external connections, which raises security concerns, so before using
+the "host" parameter, you should run under the Java security
+manager and enable user authentication.</p>
 <p>This section describes the servlet pages.</p>

View raw message