Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Derby Development" <derby-dev@db.apache.org>
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r559555 - in
 /db/derby/code/branches/10.3/java/drda/org/apache/derby/drda: server.policy
 template.policy
Date: Wed, 25 Jul 2007 18:51:01 -0000
To: derby-commits@db.apache.org
From: dag@apache.org
Message-Id: <20070725185101.588E91A981A@eris.apache.org>

Author: dag
Date: Wed Jul 25 11:50:59 2007
New Revision: 559555

URL: http://svn.apache.org/viewvc?view=rev&rev=559555
Log:
DERBY-2963 Merged from trunk as 
svn merge -r 559435:559436 https://svn.apache.org/repos/asf/db/derby/code/trunk .

Original comment:
DERBY-2963 Extending SocketPermission to all hosts ("*") in the default policy file
to make server start compatible with pre-10.3 versions which allowed any host to connect
if no security manager was used.
Also added comment that user may want to restrict this permission.


Modified:
    db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy

Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=559555&r1=559554&r2=559555
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy Wed Jul 25 11:50:59 2007
@@ -28,6 +28,16 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.security.host}", "accept"; 
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+  permission java.net.SocketPermission "*", "accept"; 
+
 };
 

Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy?view=diff&rev=559555&r1=559554&r2=559555
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy Wed Jul 25 11:50:59 2007
@@ -40,6 +40,16 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.security.host}", "accept"; 
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+  permission java.net.SocketPermission "*", "accept"; 
+
 };