db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by DanDebrunner
Date Wed, 20 Feb 2008 16:20:18 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by DanDebrunner:
http://wiki.apache.org/db-derby/JMXSecurityExpectations

------------------------------------------------------------------------------
  
  Java security manager permissions would be modeled on `java.lang.management.ManagementPermission`
which controls permissions for controlling and monitoring the jvm itself. So while a JMX client
may be able to see MBeans that monitor the JVM it cannot get useful information of out them
unless it has `ManagementPermission("monitor")`.
  
- Derby could have similar actions added to `o.a.d.security.SystemPermission`, e.g. monitor,
control (or with better names).
+ Derby could have similar actions added to `o.a.d.security.SystemPermission` and `DatabasePermission`,
e.g. monitor, control (or with better names).
  
  Note it is not required that any permission check be in the MBean code itself, it can be
in the underlying code that implements the functionality.
  
@@ -101, +101 @@

   * Get attribute methods on VersionMBean would require `SystemPermission("monitor")`
   * Setting attributes on a system MBean would require `SystemPermission("control")`
   * Shutdown method on a network server control MBean would require `SystemPermission("shutdown")`
(from DERBY-2109)
-  * Getting attributes on a database MBean require `EXECUTE` on `SYSCS_GET_DATABASE_PROPERTY`.
+  * Getting attributes representing database properties on a database MBean require `EXECUTE`
on `SYSCS_GET_DATABASE_PROPERTY`.
-  * Setting attributes on a database MBean requires `EXECUTE` on `SYSCS_SET_DATABASE_PROPERTY`.
+  * Setting attributes representing database properties on a database MBean requires `EXECUTE`
on `SYSCS_SET_DATABASE_PROPERTY`.
+  * Getting non-database properties attributes would require `DatabasePermission("monitor")`
for the specific database.
  
  === Suggested MBeans ===
  

Mime
View raw message