db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r896710 - in /db/derby/docs/branches/10.1/src: adminguide/ devguide/ tuning/
Date Wed, 06 Jan 2010 23:09:20 GMT
Author: chaase3
Date: Wed Jan  6 23:09:19 2010
New Revision: 896710

URL: http://svn.apache.org/viewvc?rev=896710&view=rev
Log:
DERBY-4503: Documentation needs note on purpose of built-in authentication mechanism

Modified 10 topics in 10.1 branch.

Patch: DERBY-4503-10.1-2.diff

Modified:
    db/derby/docs/branches/10.1/src/adminguide/radminappsclientxmp.dita
    db/derby/docs/branches/10.1/src/devguide/cdevcsecure21547.dita
    db/derby/docs/branches/10.1/src/devguide/cdevcsecure42374.dita
    db/derby/docs/branches/10.1/src/devguide/rdevcsecure13713.dita
    db/derby/docs/branches/10.1/src/devguide/rdevcsecure26537.dita
    db/derby/docs/branches/10.1/src/devguide/rdevcsecure557.dita
    db/derby/docs/branches/10.1/src/devguide/tdevcsecure81850.dita
    db/derby/docs/branches/10.1/src/devguide/tdevcsecure82556.dita
    db/derby/docs/branches/10.1/src/tuning/rtunproper13766.dita
    db/derby/docs/branches/10.1/src/tuning/rtunproper27355.dita

Modified: db/derby/docs/branches/10.1/src/adminguide/radminappsclientxmp.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/adminguide/radminappsclientxmp.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/adminguide/radminappsclientxmp.dita (original)
+++ db/derby/docs/branches/10.1/src/adminguide/radminappsclientxmp.dita Wed Jan  6 23:09:19
2010
@@ -30,6 +30,11 @@
 <codeblock>derby.connection.requireAuthentication=true
 derby.authentication.provider=BUILTIN
 derby.user.judy=no12see</codeblock></p>
+<note type="important"><ph conref="adminconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 </section>
 <section><title>Example 1</title><p>The following example connects
to the
 default server name localhost on the default port, 1527, and to the database

Modified: db/derby/docs/branches/10.1/src/devguide/cdevcsecure21547.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/cdevcsecure21547.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/cdevcsecure21547.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/cdevcsecure21547.dita Wed Jan  6 23:09:19 2010
@@ -26,6 +26,11 @@
 </prolog>
 <conbody>
 <p><ph conref="devconrefs.dita#prod/productshortname"></ph> provides a
simple, built-in repository of user names and passwords. </p>
+<note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <p>To use the built-in repository, set <i>derby.authentication.provider</i>
to <i>BUILTIN</i>. Using built-in users is an alternative
 to using an external directory service such as LDAP.</p>
 <codeblock>derby.authentication.provider=BUILTIN</codeblock>

Modified: db/derby/docs/branches/10.1/src/devguide/cdevcsecure42374.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/cdevcsecure42374.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/cdevcsecure42374.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/cdevcsecure42374.dita Wed Jan  6 23:09:19 2010
@@ -42,6 +42,12 @@
 an external directory service elsewhere in your enterprise, create your own,
 use <ph conref="devconrefs.dita#prod/productshortname"></ph>'s simple mechanism
 for creating a built-in repository of users.</p>
+<note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on an
+external directory service such as LDAP or a user-defined class for
+authentication. It is also strongly recommended that production systems protect
+network connections with SSL/TLS.</note>
 <p>You can define a repository of users for a particular database or for an
 entire system, depending on whether you use system-wide or database-wide properties.
 See <xref href="cdevcsecure12392.dita#cdevcsecure12392"></xref> for more information.</p>

Modified: db/derby/docs/branches/10.1/src/devguide/rdevcsecure13713.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/rdevcsecure13713.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/rdevcsecure13713.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/rdevcsecure13713.dita Wed Jan  6 23:09:19 2010
@@ -31,7 +31,13 @@
 the intended recipient would be able to access data in the database. The application
 developer has decided not to use any user authorization features, since each
 database will accept only a single user. In that situation, the default full-access
-connection mode is acceptable.</p></section>
+connection mode is acceptable.</p>
+<note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
+</section>
 <section><p>When creating the database, the application developer encrypts
 the database by using the following connection URL:</p></section>
 <example> <codeblock><b>jdbc:derby:wombat;create=true;dataEncryption=true;

Modified: db/derby/docs/branches/10.1/src/devguide/rdevcsecure26537.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/rdevcsecure26537.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/rdevcsecure26537.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/rdevcsecure26537.dita Wed Jan  6 23:09:19 2010
@@ -23,6 +23,11 @@
 <section><p>The following two examples from the <i>sample</i> database
 show how to turn on and turn off user authentication using <ph conref="devconrefs.dita#prod/productshortname"></ph>'s
 built-in user authentication and user authorization.</p></section><example>
+<note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
 <codeblock>/** 
 	  * Turn on built-in user authentication and user authorization. 
 	  * 

Modified: db/derby/docs/branches/10.1/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/rdevcsecure557.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/rdevcsecure557.dita Wed Jan  6 23:09:19 2010
@@ -62,5 +62,12 @@
 </tbody>
 </tgroup>
 </table>
+<section>
+<p><note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p>
+</section>
 </refbody>
 </reference>

Modified: db/derby/docs/branches/10.1/src/devguide/tdevcsecure81850.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/tdevcsecure81850.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/tdevcsecure81850.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/tdevcsecure81850.dita Wed Jan  6 23:09:19 2010
@@ -30,4 +30,10 @@
 turn on user authentication for the database and configure user authorization
 for the database.  See <xref href="cdevcsecure42374.dita#cdevcsecure42374"/> and <xref
href="cdevcsecure36595.dita#cdevcsecure36595"/> for more information.</cmd></step>
 <step><cmd>If you are using <ph conref="devconrefs.dita#prod/productshortname"></ph>'s
built-in users, configure each user
-as a database-level property so that user names and passwords can be encrypted.</cmd></step></steps><result/></taskbody></task>
+as a database-level property so that user names and passwords can be encrypted.</cmd>
+<info><p><note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p></info>
+</step></steps><result/></taskbody></task>

Modified: db/derby/docs/branches/10.1/src/devguide/tdevcsecure82556.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/devguide/tdevcsecure82556.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/devguide/tdevcsecure82556.dita (original)
+++ db/derby/docs/branches/10.1/src/devguide/tdevcsecure82556.dita Wed Jan  6 23:09:19 2010
@@ -24,7 +24,13 @@
 no administrative resources, follow the instructions in <xref href="tdevcsecure81850.dita#tdevcsecure81850"/>.</p></context><steps>
 <step><cmd>Configure security features as system properties.  See <cite><ph
conref="devconrefs.dita#pub/cittuning"></ph></cite>.</cmd></step>
 <step><cmd>Provide administrative-level protection for the <i>derby.properties</i>
file and <ph conref="devconrefs.dita#prod/productshortname"></ph> databases. For
example, you can protect these files
-and directories with operating system permissions and firewalls.</cmd></step>
+and directories with operating system permissions and firewalls.</cmd>
+<info><p><note type="important"><ph conref="devconrefs.dita#prod/productshortname"></ph>'s
+built-in authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></p></info>
+</step>
 <step><cmd>Turn on user authentication for your system.  All users must provide
valid
 user IDs and passwords to access the <ph conref="devconrefs.dita#prod/productshortname"></ph>
system. See <xref href="cdevcsecure42374.dita#cdevcsecure42374"/> for information. If
you are using <ph conref="devconrefs.dita#prod/productshortname"></ph>'s built-in
 users, configure users for the system in the <i>derby.properties</i> file. Provide
the protection for this file.</cmd></step>

Modified: db/derby/docs/branches/10.1/src/tuning/rtunproper13766.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/tuning/rtunproper13766.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/tuning/rtunproper13766.dita (original)
+++ db/derby/docs/branches/10.1/src/tuning/rtunproper13766.dita Wed Jan  6 23:09:19 2010
@@ -28,10 +28,15 @@
 for <ph conref="tunconrefs.dita#prod/productshortname"></ph> user authentication.
</p> <p>Legal
 values include:   <ul>
 <li>LDAP   <p>An external LDAP directory service.</p></li>
-<li>BUILTIN   <p><ph conref="tunconrefs.dita#prod/productshortname"></ph>'s
-simple internal user authentication repository.</p></li>
-<li>a complete Java class name   <p>A user-defined class that provides user
+<li>A complete Java class name   <p>A user-defined class that provides user
 authentication.</p></li>
+<li>BUILTIN   <p><ph conref="tunconrefs.dita#prod/productshortname"></ph>'s
+simple internal user authentication repository.</p>
+<note type="important"><ph conref="tunconrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note></li>
 </ul></p> <p>When using an external authentication service provider (LDAP),
 you must also set:   <ul>
 <li><i><xref href="rtunproper25581.dita#rtunproper25581">derby.authentication.server</xref></i></li>

Modified: db/derby/docs/branches/10.1/src/tuning/rtunproper27355.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.1/src/tuning/rtunproper27355.dita?rev=896710&r1=896709&r2=896710&view=diff
==============================================================================
--- db/derby/docs/branches/10.1/src/tuning/rtunproper27355.dita (original)
+++ db/derby/docs/branches/10.1/src/tuning/rtunproper27355.dita Wed Jan  6 23:09:19 2010
@@ -30,7 +30,13 @@
 <li>Caches user DNs locally when <i><xref href="rtunproper13766.dita#rtunproper13766">derby.authentication.provider</xref></i>
is
 set to <i>LDAP</i> and <i><xref href="rtunproper37341.dita#rtunproper37341">derby.authentication.ldap.searchFilter</xref></i>
is
 set to <i>derby.user</i>.</li>
-</ul></p> </section>
+</ul></p>
+<note type="important"><ph conref="tunconrefs.dita#prod/productshortname"></ph>'s
+BUILTIN authentication mechanism is suitable only for development and testing
+purposes. It is strongly recommended that production systems rely on LDAP or a
+user-defined class for authentication. It is also strongly recommended that
+production systems protect network connections with SSL/TLS.</note>
+</section>
 <section><title>Users and Passwords</title> <p>This property creates
valid
 clear-text users and passwords within <ph conref="tunconrefs.dita#prod/productshortname"></ph>
when
 the <i><xref href="rtunproper13766.dita#rtunproper13766">derby.authentication.provider</xref></i>
property



Mime
View raw message