db-derby-commits mailing list archives

From chaa...@apache.org
Subject svn commit: r896613 - in /db/derby/docs/trunk/src: adminguide/ devguide/ ref/
Date Wed, 06 Jan 2010 18:43:48 GMT
Author: chaase3
Date: Wed Jan  6 18:43:46 2010
New Revision: 896613

URL: http://svn.apache.org/viewvc?rev=896613&view=rev
Log:
DERBY-4503: Documentation needs note on purpose of built-in authentication mechanism

Modified 16 topics in trunk.

Patch: DERBY-4503-trunk-2.diff

Modified:
    db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
    db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita
    db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita
    db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita
    db/derby/docs/trunk/src/devguide/rdevcsecure26537.dita
    db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
    db/derby/docs/trunk/src/devguide/rdevcsecureclientexample.dita
    db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthclientex.dita
    db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthembeddedex.dita
    db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthexs.dita
    db/derby/docs/trunk/src/devguide/tdevcsecure81850.dita
    db/derby/docs/trunk/src/devguide/tdevcsecure82556.dita
    db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita
    db/derby/docs/trunk/src/ref/rrefproper13766.dita
    db/derby/docs/trunk/src/ref/rrefproper27355.dita

Modified: db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminappsclientxmp.dita Wed Jan  6 18:43:46 2010
@@ -34,6 +34,11 @@
 <codeblock>derby.connection.requireAuthentication=true
 derby.authentication.provider=BUILTIN
 derby.user.judy=no12see</codeblock></p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 </section>
 <section><title>Example 1</title><p>The following example connects
to the
 default server name localhost on the default port, 1527, and to the database
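Review bot: The added <note type="important"> after the codeblock is a five-line paragraph that this commit pastes into 16 topics, and the copies already differ: this one says "BUILTIN authentication mechanism" while cdevcsecure21547.dita says "built-in authentication mechanism". These topics already pull the product name from ../conrefs.dita, so consider defining the note once there and pulling it in by conref, which keeps the wording from drifting between guides.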

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita Wed Jan  6 18:43:46 2010
@@ -28,6 +28,11 @@
 </keywords>
 </metadata></prolog>
 <conbody>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>To use the built-in repository, set <i>derby.authentication.provider</i>
to <i>BUILTIN</i>.
 Using built-in users is an alternative to using an external directory service
 such as LDAP.</p>

Modified: db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure42374.dita Wed Jan  6 18:43:46 2010
@@ -45,6 +45,12 @@
 an external directory service elsewhere in your enterprise, create your own
 directory service, or use <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
 simple mechanism for creating a built-in repository of users.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on an
+external directory service such as LDAP or a user-defined class for
+authentication. It is also strongly recommended that production systems protect
+network connections with SSL/TLS.</note>
 <p>You can define a repository of users for a particular database or for an
 entire system, depending on whether you use system-wide or database-wide properties.</p>
 <p>When <ph conref="../conrefs.dita#prod/productshortname"></ph> user authentication
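Review bot: In the added note, "rely on an external directory service such as LDAP or a user-defined class" can be read as listing a user-defined class as a kind of directory service, and this is the only copy of the note worded this way. Suggest "rely on an external directory service such as LDAP, or on a user-defined class, for authentication", or reuse the wording from the other topics in this commit.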

Modified: db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevsetprop824451.dita Wed Jan  6 18:43:46 2010
@@ -46,11 +46,16 @@
 <p>For properties that affect conglomerates, changing the value of such
 properties affects only conglomerates that are created after the change.
 Conglomerates created earlier are unaffected.</p>
-<note>Database-wide properties are stored in the database and are simpler for
+<p><note>Database-wide properties are stored in the database and are simpler
for
 deployment, in the sense that they follow the database. Database-wide properties
 are also recommended for security reasons when you use
 <ph conref="../conrefs.dita#prod/productshortname"></ph> built-in user
 authentication (see <xref href="cdevcsecuree.dita#cdevcsecuree"></xref>).
 System-wide properties can be more practical during the development
-process.</note>
+process.</note></p>
+<p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p>
 </conbody></concept>
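Review bot: The two notes at the end of this topic now sit back to back and pull in different directions: the existing one recommends database-wide properties "for security reasons when you use ... built-in user authentication", and the new one says built-in authentication is suitable only for development and testing. Suggest rewording the first note so it reads as advice for the built-in case without implying that it is sufficient for production. Both notes are also wrapped in <p> here, while most other topics in this commit add the note bare; pick one form.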

Modified: db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure13713.dita Wed Jan  6 18:43:46 2010
@@ -33,7 +33,13 @@
 ended up in an e-mail, only the intended recipient would be able to access
 data in the database. The application developer has decided not to use any
 user authorization features, since each database will accept only a single
-user. In that situation, the default full-access connection mode is acceptable.</p></section>
+user. In that situation, the default full-access connection mode is acceptable.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
+</section>
 <section><p>When creating the database, the application developer encrypts
 the database by using the following connection URL:</p></section>
 <example> <codeblock><b>jdbc:derby:wombat;create=true;dataEncryption=true;

Modified: db/derby/docs/trunk/src/devguide/rdevcsecure26537.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure26537.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure26537.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure26537.dita Wed Jan  6 18:43:46 2010
@@ -28,6 +28,11 @@
 <prolog></prolog>
 <refbody>
 <section>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>This example is a single long program. A similar example that uses the client
 driver, in
 <xref href="rdevcsecureclientexample.dita#rdevcsecureclientexample"></xref>,

Modified: db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure557.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure557.dita Wed Jan  6 18:43:46 2010
@@ -57,7 +57,7 @@
 <row>
 <entry colname="1"><i>derby.user.UserName</i></entry>
 <entry colname="2">Creates a user name and password for the built-in user
-repository in<ph conref="../conrefs.dita#prod/productshortname"></ph>.</entry>
+repository in <ph conref="../conrefs.dita#prod/productshortname"></ph>.</entry>
 </row>
 <row>
 <entry colname="1"><i>java.naming.*</i></entry>
@@ -67,5 +67,12 @@
 </tbody>
 </tgroup>
 </table>
+<section>
+<p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p>
+</section>
 </refbody>
 </reference>
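Review bot: The new trailing <section> has no title and holds only the note, so the warning lands after the whole properties table, away from the derby.user.UserName row it concerns. Consider placing the note ahead of the table or adding a pointer in that row's description. The <p><note> wrapping also differs from the bare <note> used in the other reference topics of this commit.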

Modified: db/derby/docs/trunk/src/devguide/rdevcsecureclientexample.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecureclientexample.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecureclientexample.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecureclientexample.dita Wed Jan  6 18:43:46 2010
@@ -30,6 +30,11 @@
 <prolog></prolog>
 <refbody>
 <section>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>This example uses one program to set properties and a second program to
 perform database operations. A similar example that uses the embedded
 driver, in

Modified: db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthclientex.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthclientex.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthclientex.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthclientex.dita Wed Jan  6 18:43:46 2010
@@ -29,6 +29,11 @@
 <prolog></prolog>
 <refbody>
 <section>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>This example uses one program to set properties and a second program to
 perform database operations. A similar example that uses the embedded
 driver, in

Modified: db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthembeddedex.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthembeddedex.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthembeddedex.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthembeddedex.dita Wed Jan  6 18:43:46
2010
@@ -28,6 +28,11 @@
 <prolog></prolog>
 <refbody>
 <section>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>This example is a single long program. A similar example that uses the client
 driver, in
 <xref href="rdevcsecuresqlauthclientex.dita#rdevcsecuresqlauthclientex"></xref>,

Modified: db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthexs.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthexs.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthexs.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecuresqlauthexs.dita Wed Jan  6 18:43:46 2010
@@ -28,6 +28,11 @@
 <prolog></prolog>
 <refbody>
 <section>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>These examples are based on the examples in 
 <xref href="rdevcsecureclientexample.dita#rdevcsecureclientexample"></xref> and

 <xref href="rdevcsecure26537.dita#rdevcsecure26537"></xref>.</p>

Modified: db/derby/docs/trunk/src/devguide/tdevcsecure81850.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecure81850.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecure81850.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevcsecure81850.dita Wed Jan  6 18:43:46 2010
@@ -41,7 +41,13 @@
 authorization for the database.</cmd></step>
 <step><cmd>If you are using <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
 built-in users, configure each user as a database-level property so that user
-names and passwords can be encrypted.</cmd></step>
+names and passwords can be encrypted.</cmd>
+<info><p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p></info>
+</step>
 </steps>
 <result></result>
 </taskbody>

Modified: db/derby/docs/trunk/src/devguide/tdevcsecure82556.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecure82556.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecure82556.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevcsecure82556.dita Wed Jan  6 18:43:46 2010
@@ -25,8 +25,9 @@
 <prolog></prolog>
 <taskbody>
 <steps>
-<step><cmd>Configure security features as system properties.  See <cite><ph
-conref="../conrefs.dita#pub/cittuning"></ph></cite>.</cmd></step>
+<step><cmd>Configure security features as system properties.  See
+<xref href="cdevsetprop824451.dita#cdevsetprop824451"></xref> and 
+<xref href="cdevsetprop16827.dita#cdevsetprop16827"></xref>.</cmd></step>
 <step><cmd>Provide administrative-level protection for the <i>derby.properties</i>
file
 and <ph conref="../conrefs.dita#prod/productshortname"></ph> databases. For
 example, you can protect these files and directories with operating system
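Review bot: The first step swaps the pub/cittuning citation for two xrefs, a change the log message does not mention, and cdevsetprop16827.dita is not among the files touched by this commit, so please confirm that the target exists and the link resolves in the build. The added line ending in "and " also carries trailing whitespace.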
@@ -35,7 +36,13 @@
 valid user IDs and passwords to access the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system.
 If you are using <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
 built-in users, configure users for the system in the <i>derby.properties</i>
file.
-Provide the protection for this file.</cmd></step>
+Provide the protection for this file.</cmd>
+<info><p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p></info>
+</step>
 <step><cmd>Configure user authorization for sensitive databases in your system.
  Only designated users will be able to access sensitive databases. You typically
 configure user authorization with database-level properties. It is also possible

Modified: db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevdvlp40464.dita Wed Jan  6 18:43:46 2010
@@ -41,6 +41,11 @@
 (that is, username and password) in order to shut down a
 <ph conref="../conrefs.dita#prod/productshortname"></ph> system, and the
 supplied username and password must also be defined at the system level.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>You can also shut down
 an individual database if you specify the <i>databaseName</i>. You can shut
 down the database of the current connection if you specify the default connection
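Review bot: The note is inserted between the paragraph on system shutdown credentials and the paragraph on shutting down an individual database, which splits one continuous explanation of shutdown. Suggest moving it after the shutdown paragraphs or to the start of the topic. It also says "BUILTIN" where the other devguide topics in this commit say "built-in".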

Modified: db/derby/docs/trunk/src/ref/rrefproper13766.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproper13766.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproper13766.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefproper13766.dita Wed Jan  6 18:43:46 2010
@@ -31,10 +31,15 @@
 <p>Legal values include:</p>
 <ul>
 <li>LDAP   <p>An external LDAP directory service.</p></li>
-<li>BUILTIN   <p><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-simple internal user authentication repository.</p></li>
 <li>A complete Java class name   <p>A user-defined class that provides user
 authentication.</p></li>
+<li>BUILTIN   <p><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+simple internal user authentication repository.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></li>
 </ul>
 <p>When using an external authentication service provider (LDAP), you must also
 set:</p>
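Review bot: Besides adding the note, this hunk moves the BUILTIN item from second to last in the list of legal values, which the log message does not mention. If the reorder is intentional, so that the warning closes the list, say so in the log; otherwise keep the original order and add only the note to the existing item.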

Modified: db/derby/docs/trunk/src/ref/rrefproper27355.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefproper27355.dita?rev=896613&r1=896612&r2=896613&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefproper27355.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefproper27355.dita Wed Jan  6 18:43:46 2010
@@ -28,7 +28,7 @@
 <refbody>
 <section><title>Function</title>
 <p>Has two uses:</p>
-<ul>
+<p><ul>
 <li>Creates users and passwords when
 <i><xref href="rrefproper13766.dita#rrefproper13766">derby.authentication.provider</xref></i>
 is set to <i>BUILTIN</i>.</li>
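Review bot: The <p><ul> wrapper puts the list inside a paragraph even though <p>Has two uses:</p> directly above already introduces it, and the list in rrefproper13766.dita is left bare in this same commit. Unless the wrapper is needed for rendering, drop it together with the matching </ul></p> in the next hunk, so the change stays limited to the note.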
@@ -36,7 +36,13 @@
 <i>LDAP</i> and
 <i><xref href="rrefproper37341.dita#rrefproper37341">derby.authentication.ldap.searchFilter</xref></i>
 is set to <i>derby.user</i>.</li>
-</ul></section>
+</ul></p>
+<p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p>
+</section>
 <section><title>Users and Passwords</title>
 <p>This property creates valid clear-text users and passwords within
 <ph conref="../conrefs.dita#prod/productshortname"></ph> when the
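Review bot: The note says BUILTIN is unsuitable for production without giving a reason, while the very next section opens with "This property creates valid clear-text users and passwords". Suggest tying the two together, for example with a clause or xref in the note that points to the Users and Passwords section, so readers can see what the risk is.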


