db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by DanDebrunner
Date Fri, 08 Feb 2008 17:36:21 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/JMXSecurityExpectations

The comment on the change is:
Add a couple of questions to the notes/issues

------------------------------------------------------------------------------
  
  == Notes/Issues ==
  
-  * '''jmx-authc''' should be closely tied to derby-authc so that a user does not have to
authenticate twice (or more) in order to use a system-level MBean.
+  * '''jmx-authc''' should be closely tied to derby-authc so that a user does not have to
authenticate twice (or more) in order to use a system-level MBean. /!\ Not sure if closely
tied is the correct description here. At least it should be possible for JMX-users (which
by definition have passes jmx-authc) to be in the set of valid Derby system adminstrators,
thus allowing Derby system permissions granted to them.
   * more fine-grained authorization (per-operation, per-attribute) would probably be nice.
But are the above enabling-policies too restrictive?
-  * how to perform '''derby-authc''' checks without connecting to a database?
+  * how to perform '''derby-authc''' checks without connecting to a database? /!\ ''What
database operations do not need a connection?''
   * how to (easily and correctly) enforce [http://db.apache.org/derby/docs/dev/tuning/ctunsetprop23308.html
''Precedence of properties''] and [http://db.apache.org/derby/docs/dev/tuning/ctunsetprop824533.html
''protection of database properties'']? Are there existing utility methods or other mechanisms
for this?
   * do we need a ''delegating MBean'', controlling when to enable/disable other "sensitive"
MBeans such as '''SystemMBean''' and '''NetworkServerControlMBean'''?
  

Mime
View raw message