db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen
Date Fri, 08 Feb 2008 17:19:42 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by JohnHEmbretsen:

  == Notes/Issues ==
   * '''jmx-authc''' should be closely tied to derby-authc so that a user does not have to
authenticate twice (or more) in order to use a system-level MBean.
+  * more fine-grained authorization (per-operation, per-attribute) would probably be nice.
But are the above enabling-policies too restrictive?
   * how to perform '''derby-authc''' checks without connecting to a database?
   * how to (easily and correctly) enforce [http://db.apache.org/derby/docs/dev/tuning/ctunsetprop23308.html
''Precedence of properties''] and [http://db.apache.org/derby/docs/dev/tuning/ctunsetprop824533.html
''protection of database properties'']? Are there existing utility methods or other mechanisms
for this?
   * do we need a ''delegating MBean'', controlling when to enable/disable other "sensitive"
MBeans such as '''SystemMBean''' and '''NetworkServerControlMBean'''?

View raw message