db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r559436 - in /db/derby/code/trunk/java/drda/org/apache/derby/drda: server.policy template.policy
Date Wed, 25 Jul 2007 12:51:34 GMT
Author: dag
Date: Wed Jul 25 05:51:33 2007
New Revision: 559436

URL: http://svn.apache.org/viewvc?view=rev&rev=559436
Log:
DERBY-2963 Extending SocketPermission to all hosts ("*") in the default policy file
to make server start compatible with pre-10.3 versions which allowed any host to connect
if no security manager was used.
Also added comment that user may want to restrict this permission.

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=559436&r1=559435&r2=559436
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Wed Jul 25 05:51:33
2007
@@ -28,6 +28,16 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.security.host}", "accept"; 
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+  permission java.net.SocketPermission "*", "accept"; 
+
 };
 

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?view=diff&rev=559436&r1=559435&r2=559436
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Wed Jul 25 05:51:33
2007
@@ -40,6 +40,16 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.security.host}", "accept"; 
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+  permission java.net.SocketPermission "*", "accept"; 
+
 };
 



Mime
View raw message