db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject svn commit: r633071 - /db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
Date Mon, 03 Mar 2008 12:43:20 GMT
Author: dyre
Date: Mon Mar  3 04:43:19 2008
New Revision: 633071

URL: http://svn.apache.org/viewvc?rev=633071&view=rev
DERBY-3322: Server guide refers to phantom property in template policy file for the Network
Patch contributed by John H. Embretsen
Patch file: d3322v01.diff


Modified: db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita?rev=633071&r1=633070&r2=633071&view=diff
--- db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita Mon Mar  3 04:43:19 2008
@@ -26,13 +26,13 @@
 <context> <p> The Network Server's Basic security policy is documented in
-the secion <xref href="tadminnetservbasic.dita"></xref>. Most likely, you
+the section <xref href="tadminnetservbasic.dita"></xref>. Most likely, you
 will want to customize your own security policy. For example, you might want
 to restrict the server's liberal file i/o permissions which let the server
 backup to and restore from any location in the local file system. Customizing
 the security policy is simple: </p>  <ul>
 <li>A template policy lives in the Derby distribution at <i>demo/templates/server.policy</i>.
-Copy the from this location to your own file, say <i>myCustomized.policy</i>.
+Copy the file from this location to your own file, say <i>myCustomized.policy</i>.
 All of the following edits take place in your custom file.</li>
 <li>Replace the <i>${derby.install.url}</i> variable with the location
 the Derby jars in your local file system.</li>
@@ -40,12 +40,11 @@
 your Derby system directory. Alternatively, rather than replacing this variable,
 you can simply set the value of the <i>derby.system.home</i> system property
 when you boot the server.</li>
-<li>Replace the <i>${derby.security.host}</i> variable with the address
-the  network interface on which the server is listening. Note that the special
-wildcard address "" is not understood by SocketPermission, even though
-Derby accepts this wildcard as a valid value for the -h option of the Network
-Server startup command. If you must grant blanket permission to this wildcard
-address, specify "*" in the policy file.</li>
+<li>You may want to restrict the socket permission for <codeph>derbynet.jar</codeph>,
+which by default accepts connections from any host (<codeph>"*"</codeph>). 
+Note that the special wildcard address <codeph>""</codeph> is not 
+understood by SocketPermission, even though Derby accepts this wildcard as 
+a valid value for accepting connections on all network interfaces (IPv4).</li>
 <li>Refine the file permissions needed by backup/restore, import/export, and
 the loading of application jars.</li>
 </ul>  <p>The following example is a copy of a sample, customized policy file:
@@ -96,7 +95,8 @@
 grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
-// This permission lets the Network Server manage connections from clients.
+// This permission lets the Network Server manage connections from clients
+// originating from the localhost, on any port.
   permission java.net.SocketPermission "localhost:0-", "accept"; 

View raw message