db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r896665 - in /db/derby/docs/branches/10.3/src: adminguide/ devguide/ tuning/
Date Wed, 06 Jan 2010 20:53:26 GMT
Author: chaase3
Date: Wed Jan  6 20:53:24 2010
New Revision: 896665

URL: http://svn.apache.org/viewvc?rev=896665&view=rev
Log:
DERBY-4503: Documentation needs note on purpose of built-in authentication mechanism

Modified 10 topics in 10.3 branch.

Patch: DERBY-4503-10.3-2.diff

Modified:
    db/derby/docs/branches/10.3/src/adminguide/radminappsclientxmp.dita
    db/derby/docs/branches/10.3/src/devguide/cdevcsecure21547.dita
    db/derby/docs/branches/10.3/src/devguide/cdevcsecure42374.dita
    db/derby/docs/branches/10.3/src/devguide/rdevcsecure13713.dita
    db/derby/docs/branches/10.3/src/devguide/rdevcsecure26537.dita
    db/derby/docs/branches/10.3/src/devguide/rdevcsecure557.dita
    db/derby/docs/branches/10.3/src/devguide/tdevcsecure81850.dita
    db/derby/docs/branches/10.3/src/devguide/tdevcsecure82556.dita
    db/derby/docs/branches/10.3/src/tuning/rtunproper13766.dita
    db/derby/docs/branches/10.3/src/tuning/rtunproper27355.dita

Modified: db/derby/docs/branches/10.3/src/adminguide/radminappsclientxmp.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/radminappsclientxmp.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/radminappsclientxmp.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/radminappsclientxmp.dita Wed Jan  6 20:53:24
2010
@@ -31,6 +31,11 @@
 <codeblock>derby.connection.requireAuthentication=true
 derby.authentication.provider=BUILTIN
 derby.user.judy=no12see</codeblock></p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 </section>
 <section><title>Example 1</title><p>The following example connects
to the
 default server name localhost on the default port, 1527, and to the database

Modified: db/derby/docs/branches/10.3/src/devguide/cdevcsecure21547.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/cdevcsecure21547.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/cdevcsecure21547.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/cdevcsecure21547.dita Wed Jan  6 20:53:24 2010
@@ -28,6 +28,11 @@
 </keywords>
 </metadata></prolog>
 <conbody>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>To use the built-in repository, set <i>derby.authentication.provider</i>
to <i>BUILTIN</i>.
 Using built-in users is an alternative to using an external directory service
 such as LDAP.</p>

Modified: db/derby/docs/branches/10.3/src/devguide/cdevcsecure42374.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/cdevcsecure42374.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/cdevcsecure42374.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/cdevcsecure42374.dita Wed Jan  6 20:53:24 2010
@@ -45,6 +45,12 @@
 an external directory service elsewhere in your enterprise, create your own
 directory service, or use <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
 simple mechanism for creating a built-in repository of users.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on an
+external directory service such as LDAP or a user-defined class for
+authentication. It is also strongly recommended that production systems protect
+network connections with SSL/TLS.</note>
 <p>You can define a repository of users for a particular database or for an
 entire system, depending on whether you use system-wide or database-wide properties.</p>
 <p>When <ph conref="../conrefs.dita#prod/productshortname"></ph> user authentication

Modified: db/derby/docs/branches/10.3/src/devguide/rdevcsecure13713.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/rdevcsecure13713.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/rdevcsecure13713.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/rdevcsecure13713.dita Wed Jan  6 20:53:24 2010
@@ -33,7 +33,13 @@
 ended up in an e-mail, only the intended recipient would be able to access
 data in the database. The application developer has decided not to use any
 user authorization features, since each database will accept only a single
-user. In that situation, the default full-access connection mode is acceptable.</p></section>
+user. In that situation, the default full-access connection mode is acceptable.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
+</section>
 <section><p>When creating the database, the application developer encrypts
 the database by using the following connection URL:</p></section>
 <example> <codeblock><b>jdbc:derby:wombat;create=true;dataEncryption=true;

Modified: db/derby/docs/branches/10.3/src/devguide/rdevcsecure26537.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/rdevcsecure26537.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/rdevcsecure26537.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/rdevcsecure26537.dita Wed Jan  6 20:53:24 2010
@@ -25,7 +25,13 @@
 built-in user authentication and user authorization.</shortdesc>
 <prolog></prolog>
 <refbody>
-<example> <codeblock>/** 
+<example>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
+<codeblock>/** 
 	  * Turn on built-in user authentication and user authorization. 
 	  * 
 	  * @param conn a connection to the database.

Modified: db/derby/docs/branches/10.3/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/rdevcsecure557.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/rdevcsecure557.dita Wed Jan  6 20:53:24 2010
@@ -57,7 +57,7 @@
 <row>
 <entry colname="1"><i>derby.user.UserName</i></entry>
 <entry colname="2">Creates a user name and password for the built-in user
-repository in<ph conref="../conrefs.dita#prod/productshortname"></ph>.</entry>
+repository in <ph conref="../conrefs.dita#prod/productshortname"></ph>.</entry>
 </row>
 <row>
 <entry colname="1"><i>java.naming.*</i></entry>
@@ -67,5 +67,12 @@
 </tbody>
 </tgroup>
 </table>
+<section>
+<p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p>
+</section>
 </refbody>
 </reference>

Modified: db/derby/docs/branches/10.3/src/devguide/tdevcsecure81850.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/tdevcsecure81850.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/tdevcsecure81850.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/tdevcsecure81850.dita Wed Jan  6 20:53:24 2010
@@ -38,7 +38,13 @@
 authorization for the database.</cmd></step>
 <step><cmd>If you are using <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
 built-in users, configure each user as a database-level property so that user
-names and passwords can be encrypted.</cmd></step>
+names and passwords can be encrypted.</cmd>
+<info><p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p></info>
+</step>
 </steps>
 <result></result>
 </taskbody>

Modified: db/derby/docs/branches/10.3/src/devguide/tdevcsecure82556.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/tdevcsecure82556.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/tdevcsecure82556.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/tdevcsecure82556.dita Wed Jan  6 20:53:24 2010
@@ -35,7 +35,13 @@
 valid user IDs and passwords to access the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system.
 If you are using <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
 built-in users, configure users for the system in the <i>derby.properties</i>
file.
-Provide the protection for this file.</cmd></step>
+Provide the protection for this file.</cmd>
+<info><p><note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p></info>
+</step>
 <step><cmd>Configure user authorization for sensitive databases in your system.
  Only designated users will be able to access sensitive databases. You typically
 configure user authorization with database-level properties. It is also possible

Modified: db/derby/docs/branches/10.3/src/tuning/rtunproper13766.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/tuning/rtunproper13766.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/tuning/rtunproper13766.dita (original)
+++ db/derby/docs/branches/10.3/src/tuning/rtunproper13766.dita Wed Jan  6 20:53:24 2010
@@ -29,10 +29,15 @@
 for <ph conref="../conrefs.dita#prod/productshortname"></ph> user authentication.
</p> <p>Legal
 values include:   <ul>
 <li>LDAP   <p>An external LDAP directory service.</p></li>
-<li>BUILTIN   <p><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
-simple internal user authentication repository.</p></li>
-<li>a complete Java class name   <p>A user-defined class that provides user
+<li>A complete Java class name   <p>A user-defined class that provides user
 authentication.</p></li>
+<li>BUILTIN   <p><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+simple internal user authentication repository.</p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></li>
 </ul></p> <p>When using an external authentication service provider (LDAP),
 you must also set:   <ul>
 <li><i><xref href="rtunproper25581.dita#rtunproper25581">derby.authentication.server</xref></i></li>

Modified: db/derby/docs/branches/10.3/src/tuning/rtunproper27355.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/tuning/rtunproper27355.dita?rev=896665&r1=896664&r2=896665&view=diff
==============================================================================
--- db/derby/docs/branches/10.3/src/tuning/rtunproper27355.dita (original)
+++ db/derby/docs/branches/10.3/src/tuning/rtunproper27355.dita Wed Jan  6 20:53:24 2010
@@ -31,7 +31,13 @@
 <li>Caches user DNs locally when <i><xref href="rtunproper13766.dita#rtunproper13766">derby.authentication.provider</xref></i>
is
 set to <i>LDAP</i> and <i><xref href="rtunproper37341.dita#rtunproper37341">derby.authentication.ldap.searchFilter</xref></i>
is
 set to <i>derby.user</i>.</li>
-</ul></p> </section>
+</ul></p>
+<note type="important"><ph conref="../conrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
+</section>
 <section><title>Users and Passwords</title> <p>This property creates
valid
 clear-text users and passwords within <ph conref="../conrefs.dita#prod/productshortname"></ph>
when
 the <i><xref href="rtunproper13766.dita#rtunproper13766">derby.authentication.provider</xref></i>
property



Mime
View raw message