db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "JMXSecurityExpectations" by JohnHEmbretsen
Date Fri, 22 Feb 2008 07:59:55 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by JohnHEmbretsen:
http://wiki.apache.org/db-derby/JMXSecurityExpectations

The comment on the change is:
Some clarifications and temporary notes...

------------------------------------------------------------------------------
- ~-Parent: DerbyProposals-~
+ ~-Parents: DerbyProposals, ["DerbyJMX"]-~
  
  = JMX Security Expectations =
  
  Security expectations for the JMX Management and Monitoring features added by [https://issues.apache.org/jira/browse/DERBY-1387
DERBY-1387].
+ 
+ '''Note:''' (Feb 2008) ''This page will be in a volatile state for a while, as terminology
and concepts are discussed, and solutions being developed, so there is no guarantee that all
the text on this page is 100% consistent at all times.''
  
  [[TableOfContents]]
  
@@ -18, +20 @@

   * [http://www.nabble.com/-jira--Created%3A-%28DERBY-1387%29-Add-JMX-extensions-to-Derby-td4770244.html
Mail thread #1]
   * [http://db.markmail.org/message/v6npsxpyfrzxchiy?q=list:org%2Eapache%2Edb%2Ederby-dev
Mail thread #1.1] (Protecting system properties)
   * [http://db.markmail.org/message/s7eqlhz6ydrufatl?q=list:org%2Eapache%2Edb%2Ederby-dev
Mail thread #1.2] (JMX meeting system authorization)
+  * [http://www.nabble.com/JMX-Access-Control-Proposal-td15616493.html Mail thread #2] (JMX
Access Control proposal discussion)
  
  == Terminology ==
  
@@ -44, +47 @@

     
   * '''Derby system level authentication (''derby-authc''):'''
     The system-wide property `derby.connection.requireAuthentication` is `true`.
+    * Note that in relation to JDBC connection requests (to a database) ''derby-authc'',
if set, may be overridden by db-authc in certain configurations (see [http://db.apache.org/derby/docs/dev/tuning/ctunsetprop23308.html
''Precedence of properties'']).
+    * In some of the following text, different interpretations of this term seems to have
been used. It may be necessary to reconsider this definition to avoid such issues.
  
   * '''Derby database level authentication (''db-authc''):'''
     The database-wide property `derby.connection.requireAuthentication` is 
     `true`.
+    * Note that even if set, this ''may'' be overridden by ''derby-authc'' in certain configurations,
see [http://db.apache.org/derby/docs/dev/tuning/ctunsetprop824533.html ''protection of database
properties''].
+    * In some of the following text, different interpretations of this term seems to have
been used. It may be necessary to reconsider this definition to avoid such issues.
  
   * '''Derby database level connection authorization (''db-authr''):'''
     A given user is authorized with either `fullAcess` (default), `readOnlyAccess` or `noAccess`
privileges. This is defined by a number of the databse-wide properties
-     * `derby.database.defaultConnectionMode`
+     * `derby.database.defaultConnectionMode` (the default defaultConnectionMode is `fullAccess`)
      * `derby.database.fullAccessUsers`
      * `derby.database.readOnlyAccessUsers`
  
   * * is a wildcard (for example, '''*-authc''' includes '''jmx-authc''', '''derby-authc'''
and '''db-authc''').
+ 
+  * See also [http://www.nabble.com/JMX-Access-Control-Proposal-td15616493.html this E-mail
thread] to clarify potential misunderstandings in the following text.
  
  It may also be helpful to frame the discussion in terms of the following roles (extracted
from mail thread #1 above):
    * '''VM-Admin''' - This is the account which starts up the JVM which is running Derby.
This user has full control of the VM.
@@ -73, +82 @@

  
  The following paragraph sums up the community's expectations with regards to tDerby's JMX
features:
  
- '''''A valid JMX user (a user able to connect via JMX to Derby's `MBeanServer`) must not
( <!>  WAS: should in general not) be able to access information or perform operations
that would otherwise be restricted by Derby's existing security mechanisms (authentication,
authorization, Security Manager, etc.).'''''
+ '''''A valid JMX user (a user able to connect via JMX to Derby's `MBeanServer`) must not
be able to access information or perform operations that would otherwise be restricted by
Derby's existing security mechanisms (authentication, authorization, Security Manager, etc.).'''''
  
  Summarized, the main issues that need to be sorted out are:
    * ''A (Derby) system admin (possibly including both VM-Admin, !DerbyNet-Admin and Engine-Admin)
should not necessarily have access to all databases booted in the system''
@@ -135, +144 @@

  
  === Suggested MBeans ===
  
- Short descriptions of suggested MBeans and the security expectations associated with them.
+ Short descriptions of suggested MBeans and the security expectations associated with them
(partly outdated).
  
  ==== VersionMBean ====
  
@@ -186, +195 @@

      * /!\ Why is '''derby-authc''' included here, to connect to a database '''derby-authc'''
is not required, so why to administer it?
        * Isn't passing '''derby-authc''' required if it has been enabled programmatically,
unless `derby.database.propertiesOnly=true`?
        * No, to connect to a database only database authentication is needed. ('''db-authc'''').
+       * OK, it seems that we have been using different interpretations of '''db-authc'''
(see mail thread #2 above). The terms should probably be redifined before updating these MBean
descriptions.
  
  == JMX Security setups ==
  === Local JMX ===

Mime
View raw message