db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r1481877 - in /db/derby/docs/branches/10.10/src: adminguide/tadminnetservbasic.dita adminguide/tadminnetservcustom.dita devguide/cdevbabejgjd.dita devguide/rdevcsecure871406.dita devguide/rdevcsecure871422.dita devguide/rdevcsecure871439.dita
Date Mon, 13 May 2013 14:34:15 GMT
Author: chaase3
Date: Mon May 13 14:34:15 2013
New Revision: 1481877

URL: http://svn.apache.org/r1481877
Log:
DERBY-6160  Fixes needed to documentation topics on security policy permissions 

Merged patch DERBY-6160-4.diff to 10.10 doc branch from trunk revision 1481853.

Modified:
    db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita
    db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita
    db/derby/docs/branches/10.10/src/devguide/cdevbabejgjd.dita
    db/derby/docs/branches/10.10/src/devguide/rdevcsecure871406.dita
    db/derby/docs/branches/10.10/src/devguide/rdevcsecure871422.dita
    db/derby/docs/branches/10.10/src/devguide/rdevcsecure871439.dita

Modified: db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita?rev=1481877&r1=1481876&r2=1481877&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita (original)
+++ db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita Mon May 13 14:34:15
2013
@@ -55,136 +55,133 @@ you will want to restrict the server's l
 let the server backup/restore and export/import to or from any location in the local file
system.
 For details on how to customize the Template policy, please see <xref href="tadminnetservcustom.dita"></xref>.
 The following example is a copy of the Basic policy: </p>
-<codeblock>//
-// This template policy file gives examples of how to configure the
+<codeblock>// This template policy file gives examples of how to configure the
 // permissions needed to run a Derby network server with the Java
 // Security manager.
 //
 grant codeBase "${derby.install.url}derby.jar"
 {
-//
-// These permissions are needed for everyday, embedded Derby usage.
-//
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.util.PropertyPermission "user.dir", "read";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
+
   // The next two properties are used to determine if the VM is 32 or 64
   // bit.
   permission java.util.PropertyPermission "sun.arch.data.model", "read";
   permission java.util.PropertyPermission "os.arch", "read";
+
   permission java.io.FilePermission "${derby.system.home}","read";
   permission java.io.FilePermission "${derby.system.home}${/}-", 
       "read,write,delete";
 
-//
-// This permission lets a DBA reload the policy file while the server
-// is still running. The policy file is reloaded by invoking the
-// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
-//
+  // This permission lets a DBA reload the policy file while the server
+  // is still running. The policy file is reloaded by invoking the
+  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
+  //
   permission java.security.SecurityPermission "getPolicy";
 
-//
-// This permission lets you backup and restore databases
-// to and from arbitrary locations in your file system.
-//
-// This permission also lets you import/export data to and from
-// arbitrary locations in your file system.
-//
-// You may want to restrict this access to specific directories.
-//
+  // This permission lets you backup and restore databases
+  // to and from arbitrary locations in your file system.
+  //
+  // This permission also lets you import/export data to and from
+  // arbitrary locations in your file system.
+  //
+  // You may want to restrict this access to specific directories.
+  //
   permission java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;",
       "read,write,delete";
 
-
-//
-// Permissions needed for JMX based management and monitoring, which is
-// only available for JVMs supporting "platform management", that is
-// Java SE 5.0 or better.
-//
-// Allows this code to create an MBeanServer:
-//
+  // Permissions needed for JMX based management and monitoring, which is
+  // only available for JVMs supporting "platform management", that is
+  // Java SE 5.0 or better.
+  //
+  // Allows this code to create an MBeanServer:
+  //
   permission javax.management.MBeanServerPermission "createMBeanServer";
-//
-// Allows access to Derby's built-in MBeans, within the domain
-// org.apache.derby.
-// Derby must be allowed to register and unregister these MBeans.
-// It is possible to allow access only to specific MBeans, attributes or 
-// operations. To fine tune this permission, see the javadoc of 
-// javax.management.MBeanPermission or the JMX Instrumentation and Agent 
-// Specification. 
-//
+  //
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.
+  // Derby must be allowed to register and unregister these MBeans.
+  // It is possible to allow access only to specific MBeans, attributes 
+  // or operations. To fine tune this permission, see the javadoc of 
+  // javax.management.MBeanPermission or the JMX Instrumentation and 
+  // Agent Specification. 
+  //
   permission javax.management.MBeanPermission 
       "org.apache.derby.*#[org.apache.derby:*]",
       "registerMBean,unregisterMBean";
-//
-// Trusts Derby code to be a source of MBeans and to register these in
-// the MBean server.
-//
+  //
+  // Trusts Derby code to be a source of MBeans and to register these in
+  // the MBean server.
+  //
   permission javax.management.MBeanTrustPermission "register";
 
   // getProtectionDomain is an optional permission needed for printing
   // classpath information to derby.log
   permission java.lang.RuntimePermission "getProtectionDomain";
 
-  //
   // The following permission must be granted for
   // Connection.abort(Executor) to work. Note that this permission
   // must also be granted to outer (application) code domains.
   //
   permission java.sql.SQLPermission "callAbort";
+
+  // Needed by file permissions restriction system:
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
 };
 
 grant codeBase "${derby.install.url}derbynet.jar"
 {
-//
-// This permission lets the Network Server manage connections from
-// clients.
-//
-
-// Accept connections from any host. Derby is listening to the host
-// interface specified via the -h option to "NetworkServerControl
-// start" on the command line, via the address parameter to the
-// org.apache.derby.drda.NetworkServerControl constructor in the API
-// or via the property derby.drda.host; the default is localhost.
-// You may want to restrict allowed hosts, e.g. to hosts in a specific
-// subdomain, e.g. "*.example.com".
+  // This permission lets the Network Server manage connections from
+  // clients.
 
+  // Accept connections from any host. Derby is listening to the host
+  // interface specified via the -h option to "NetworkServerControl
+  // start" on the command line, via the address parameter to the
+  // org.apache.derby.drda.NetworkServerControl constructor in the API
+  // or via the property derby.drda.host; the default is localhost.
+  // You may want to restrict allowed hosts, e.g. to hosts in a specific
+  // subdomain, e.g. "*.example.com".
   permission java.net.SocketPermission "*", "accept"; 
 
-//
-// Needed for server tracing.
-//
+  // Needed for server tracing.
+  //
   permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
       "read,write,delete";
 
-//
-// JMX: Uncomment this permission to allow the ping operation of the 
-//      NetworkServerMBean to connect to the Network Server.
-//permission java.net.SocketPermission "*", "connect,resolve";
-
-
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files.
-//
-// In this template file, this block of permissions is granted
-// to derbynet.jar under the assumption that derbynet.jar is
-// the first jar file in your classpath which contains the
-// sysinfo classes. If that is not the case, then you will want
-// to grant this block of permissions to the first jar file
-// in your classpath which contains the sysinfo classes.
-// Those classes are bundled into the following Derby
-// jar files:
-//
-//    derbynet.jar
-//    derby.jar
-//    derbyclient.jar
-//    derbytools.jar
-//
+  // Needed by file permissions restriction system:
+  //
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  permission java.util.PropertyPermission 
+      "derby.__serverStartedFromCmdLine", "read, write";
+
+  // JMX: Uncomment this permission to allow the ping operation of the 
+  //      NetworkServerMBean to connect to the Network Server.
+  //permission java.net.SocketPermission "*", "connect,resolve";
+
+  // Needed by sysinfo. The file permission is needed to
+  // check the existence of jars on the classpath. You can
+  // limit this permission to just the locations which hold
+  // your jar files.
+  //
+  // In this template file, this block of permissions is granted
+  // to derbynet.jar under the assumption that derbynet.jar is
+  // the first jar file in your classpath which contains the
+  // sysinfo classes. If that is not the case, then you will want
+  // to grant this block of permissions to the first jar file
+  // in your classpath which contains the sysinfo classes.
+  // Those classes are bundled into the following Derby
+  // jar files:
+  //
+  //    derbynet.jar
+  //    derby.jar
+  //    derbyclient.jar
+  //    derbytools.jar
+  //
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";

Modified: db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita?rev=1481877&r1=1481876&r2=1481877&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita (original)
+++ db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita Mon May 13 14:34:15
2013
@@ -28,91 +28,209 @@ limitations under the License.
 <context> <p> The Network Server's Basic security policy is documented in
 the section <xref href="tadminnetservbasic.dita"></xref>. Most likely, you
 will want to customize your own security policy. For example, you might want
-to restrict the server's liberal file i/o permissions which let the server
-backup/restore and export/import to or from any location in the local file system. Customizing
-the security policy is simple: </p>  <ul>
-<li>A template policy lives in the Derby distribution at <i>demo/templates/server.policy</i>.
+to restrict the server's liberal file I/O permissions, which let the server
+backup/restore and export/import to or from any location in the local file 
+system. Customizing the security policy is simple: </p>
+<ol>
+<li>A template policy lives in the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> distribution at
+<i>demo/templates/server.policy</i>.
 Copy the file from this location to your own file, say <i>myCustomized.policy</i>.
 All of the following edits take place in your custom file.</li>
 <li>Replace the <i>${derby.install.url}</i> variable with the location
of
-the Derby jars in your local file system.</li>
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> jars in your local
+file system.</li>
 <li>Replace the <i>${derby.system.home}</i> variable with the location
of
-your Derby system directory. Alternatively, rather than replacing this variable,
-you can simply set the value of the <i>derby.system.home</i> system property
-when you boot the server.</li>
-<li>You must grant <i>java.net.SocketPermission</i> to
-<codeph>derby.jar</codeph> if you are using LDAP authentication, so
-that the Derby code is allowed to contact the LDAP server to perform
-the authentication.</li>
+your <ph conref="../conrefs.dita#prod/productshortname"></ph> system directory.
+Alternatively, rather than replacing this variable, you can simply set the value
+of the <i>derby.system.home</i> system property when you boot the server.</li>
+<li>Replace the <i>${derby.drda.traceDirectory}</i> variable with the location
+of your server trace file if you plan to use tracing.</li>
+<li>Grant <i>java.net.SocketPermission</i> to <codeph>derby.jar</codeph>
if you
+are using LDAP authentication, so that the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> code is allowed to
+contact the LDAP server to perform the authentication.</li>
 <li>You may want to restrict the socket permission for <codeph>derbynet.jar</codeph>,
 which by default accepts connections from any host (<codeph>"*"</codeph>). 
 Note that the special wildcard address <codeph>"0.0.0.0"</codeph> is not 
-understood by SocketPermission, even though Derby accepts this wildcard as 
-a valid value for accepting connections on all network interfaces (IPv4).</li>
+understood by SocketPermission, even though
+<ph conref="../conrefs.dita#prod/productshortname"></ph> accepts this wildcard
+as a valid value for accepting connections on all network interfaces
+(IPv4).</li>
 <li>Refine the file permissions needed by backup/restore, import/export, and
 the loading of application jars.</li>
-</ul>  <p>The following example is a copy of a sample, customized policy file:
</p> 
+</ol>
+<p>The following example is a copy of a sample customized policy file: </p> 
  <codeblock>
 grant codeBase "file:/usr/local/share/sw/derby/lib/derby.jar"
 {
-//
-// These permissions are needed for everyday, embedded Derby usage.
-//
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
-  // The next two properties are used to determine if the VM is 32 or 64 bit.
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // The next two properties are used to determine if the VM is 32 or
+  // 64 bit.
+  //
   permission java.util.PropertyPermission "sun.arch.data.model", "read";
   permission java.util.PropertyPermission "os.arch", "read";
-  permission java.util.PropertyPermission "user.dir", "read";
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/databases","read";
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/databases/-", 
-      "read,write,delete";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
-
-//
-// This permission lets a DBA reload the policy file while the server
-// is still running. The policy file is reloaded by invoking the
-// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
-//
+
+  // Customized to actual location of derby.system.home:
+  //
+  permission java.io.FilePermission
+      "/usr/local/shoppingCartApp/databases", "read";
+  permission java.io.FilePermission
+      "/usr/local/shoppingCartApp/databases/-", "read,write,delete";
+
+  // This permission lets a DBA reload the policy file while the server
+  // is still running. The policy file is reloaded by invoking the
+  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
+  //
   permission java.security.SecurityPermission "getPolicy";
 
-//
-// This permission lets you backup and restore databases
-// to and from a selected branch of the local file system:
-//
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/backups/-", "read,write,delete";
-//
-// This permission lets you import data from
-// a selected branch of the local file system:
-//
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/imports/-", "read";
-//
-// This permission lets you export data to
-// a selected branch of the local file system:
-//
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/exports/-", "write";
-//
-// This permission lets you load your databases with jar files of
-// application code
-//
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*", "read";
+  // This permission lets you backup and restore databases
+  // to and from a selected branch of the local file system:
+  //
+  permission java.io.FilePermission
+    "/usr/local/shoppingCartApp/backups/-", "read,write,delete";
+
+  // This permission lets you import data from
+  // a selected branch of the local file system:
+  //
+  permission java.io.FilePermission
+      "/usr/local/shoppingCartApp/imports/-", "read";
 
-// LDAP server on localhost using default LDAP port 389:
-  permission java.net.SocketPermission "localhost:389", "connect,resolve";  
+  // This permission lets you export data to
+  // a selected branch of the local file system:
+  //
+  permission java.io.FilePermission
+      "/usr/local/shoppingCartApp/exports/-", "write";
+
+  // This permission lets you load your databases with jar files of
+  // application code
+  //
+  permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*",
+      "read";
+
+  // LDAP server on localhost using default LDAP port 389:
+  //
+  permission java.net.SocketPermission "localhost:389",
+      "connect,resolve";  
+
+  // Permissions needed for JMX based management and monitoring.
+  // Uncomment the following MBeanServerPermission, MBeanPermission and
+  // MBeanTrustPermission if you need JMX monitoring. Consider the
+  // security implications before you open up for JMX
+  // monitoring.
+  //
+  // Allows this code to create an MBeanServer:
+  //
+  // permission javax.management.MBeanServerPermission 
+  //     "createMBeanServer";
+  //
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby. Derby must be allowed to register and unregister
+  // these MBeans. It is possible to allow access only to specific
+  // MBeans, attributes or operations. To fine-tune this permission, see
+  // the API documentation for javax.management.MBeanPermission or the
+  // JMX Instrumentation and Agent Specification:
+  //
+  // permission javax.management.MBeanPermission
+  //     "org.apache.derby.*#[org.apache.derby:*]", 
+  //     "registerMBean, unregisterMBean";
+  //
+  // Trusts Derby code to be a source of MBeans and to register these
+  // in the MBean server:
+  //
+  // permission javax.management.MBeanTrustPermission "register";
+  
+  // getProtectionDomain is an optional permission needed for printing
+  // classpath information to derby.log. Consider if this could be a 
+  // security risk before enabling it.
+  //
+  // permission java.lang.RuntimePermission "getProtectionDomain";
+  
+  // The following permission must be granted for
+  // Connection.abort(Executor) to work. Note that this permission must
+  // also be granted to outer (application) code domains.
+  // Uncomment this permission if you plan to use Connection.abort.
+  //
+  // permission java.sql.SQLPermission "callAbort";
+  
+  // Needed by file permissions restriction system (see the
+  // documentation for derby.storage.useDefaultFilePermissions in the
+  // Reference Manual). Consider restricting the database file-level
+  // permissions for security.
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
 };
 
 grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
 {
-//
-// This permission lets the Network Server manage connections from clients
-// originating from the localhost, on any port.
-//
+  // This permission lets the Network Server manage connections from
+  // clients originating from the localhost, on any port. Consider the
+  // security implications before you open up database connections
+  // from other hosts.
+  //
   permission java.net.SocketPermission "localhost:0-", "accept"; 
+
+  // Needed for server tracing.
+  //
+  permission java.io.FilePermission 
+      "/usr/local/shoppingCartApp/trace/-", "read,write,delete";
+  
+  // Needed by file permissions restriction system:
+  //
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+  // Mandatory if running with a customized policy file.
+  //
+  permission java.util.PropertyPermission 
+      "derby.__serverStartedFromCmdLine", "read, write";
+  
+  //
+  // JMX: Uncomment this permission to allow the ping operation of the 
+  //      NetworkServerMBean to connect to the Network Server.
+  //
+  // permission java.net.SocketPermission "*", "connect,resolve";
+  
+  // Needed by the sysinfo tool only. You may want to remove the
+  // block of permissions below if you don't plan to use it. The file 
+  // permission is needed to check the existence of jars on the
+  // classpath. You can limit this permission to just the locations
+  // which hold your jar files.
+  //
+  // This block of permissions is granted to derbynet.jar under the
+  // assumption that derbynet.jar is the first jar file in your
+  // classpath which contains the sysinfo classes. If that is not the
+  // case, then you will want to grant this block of permissions to
+  // the first jar file in your classpath which contains the sysinfo
+  // classes.  Those classes are bundled into the following Derby jar
+  // files:
+  //
+  //    derbynet.jar
+  //    derby.jar
+  //    derbyclient.jar
+  //    derbytools.jar
+  //
+  permission java.util.PropertyPermission "user.*", "read";
+  permission java.util.PropertyPermission "java.home", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission java.io.FilePermission 
+      "/usr/local/shoppingCartApp/jars/-", "read";
+  permission java.io.FilePer mission "java.runtime.version", "read";
+  permission java.io.FilePermission "java.fullversion", "read";
 };
 </codeblock>  <p> After customizing the Basic policy, you may bring up the
 Network Server as follows: </p>  <codeblock>
-java -Djava.security.manager -Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy
org.apache.derby.drda.NetworkServerControl start -h localhost
+java -Djava.security.manager \
+-Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy \
+org.apache.derby.drda.NetworkServerControl start -h localhost
 </codeblock>  </context>
 </taskbody>
 </task>

Modified: db/derby/docs/branches/10.10/src/devguide/cdevbabejgjd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/devguide/cdevbabejgjd.dita?rev=1481877&r1=1481876&r2=1481877&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/devguide/cdevbabejgjd.dita (original)
+++ db/derby/docs/branches/10.10/src/devguide/cdevbabejgjd.dita Mon May 13 14:34:15 2013
@@ -44,15 +44,6 @@ in the database.</dd>
 individual <ph conref="../conrefs.dita#prod/productshortname"></ph> properties
 set in the JVM machine's system set. If the action is denied, properties in the JVM machine's
 system set are ignored.</dd>
-</dlentry><dlentry>
-<dt>permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
-"write"</dt>
-<dd>This property is used by Derby to prevent the accidental boot of the database
-by two class loaders. If the database is booted by two class loaders, database
-corruption can occur. 
-If write permission for this property is not granted, a message is printed
-to the log file which indicates that the <ph conref="../conrefs.dita#prod/productshortname"></ph>
database
-is not protected from dual boot and possible corruption.</dd>
 </dlentry></dl></section>
 <section><title>Database access permissions</title><dl><dlentry>
 <dt>permission java.io.FilePermission "directory${/}/-", "read,write,delete"</dt>
@@ -117,6 +108,18 @@ errors and when the <i>derby.stream.erro
 is set. See the documentation of this property in the
 <ph conref="../conrefs.dita#pub/citref"></ph> for details.</dd>
 </dlentry><dlentry>
+<dt>permission java.lang.RuntimePermission "accessUserInformation";</dt>
+<dt>permission java.lang.RuntimePermission "getFileStoreAttributes";</dt>
+<dd>These two permissions are needed when you are running with JDK 7 or higher
+and when the secure file mask settings are active (that is, when
+<i>derby.storage.useDefaultFilePermissions</i> is set to false, or when the
+server has been started from the command line (in which case secure file mask
+settings are active by default).</dd>
+</dlentry><dlentry>
+<dt>permission java.lang.RuntimePermission "getProtectionDomain";</dt>
+<dd>This permission is needed if you want classpath information to be printed to
+<i>derby.log</i>.</dd>
+</dlentry><dlentry>
 <dt>permission javax.management.MBeanServerPermission "createMBeanServer";</dt>
 <dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> to
create an
 MBean server. If the JVM running

Modified: db/derby/docs/branches/10.10/src/devguide/rdevcsecure871406.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/devguide/rdevcsecure871406.dita?rev=1481877&r1=1481876&r2=1481877&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/devguide/rdevcsecure871406.dita (original)
+++ db/derby/docs/branches/10.10/src/devguide/rdevcsecure871406.dita Mon May 13 14:34:15 2013
@@ -22,12 +22,12 @@ limitations under the License.
 <title>Java security policy file example 1</title>
 <prolog></prolog>
 <refbody>
-<example> <codeblock><b>/* Grants permission to run <ph conref="../conrefs.dita#prod/productshortname"></ph>
and access all      */
-/* databases under the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system home              */
-/* when it is specified by the system property             */
-/* <ph conref="../conrefs.dita#prod/productshortname"></ph>.system.home     
                                  */
+<example> <codeblock><b>/* Grants permission to run <ph conref="../conrefs.dita#prod/productshortname"></ph>
and access all       */
+/* databases under the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system home               */
+/* when it is specified by the system property         */
+/* derby.system.home                                   */
 
-/* Note <ph conref="../conrefs.dita#prod/productshortname"></ph>.system.home
must be an absolute pathname */</b>
+/* Note derby.system.home must be an absolute pathname */</b>
 
 grant codeBase "file://f:/<ph conref="../conrefs.dita#prod/productlowercase"></ph>/lib/derby.jar"
{
 
@@ -36,8 +36,6 @@ grant codeBase "file://f:/<ph conref="..
   permission.java.io.FilePermission "${derby.system.home}","read";
   permission java.io.FilePermission "${derby.system.home}${/}
      -", "read,write,delete";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-     "write"; 
 };</codeblock></example>
 </refbody>
 </reference>

Modified: db/derby/docs/branches/10.10/src/devguide/rdevcsecure871422.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/devguide/rdevcsecure871422.dita?rev=1481877&r1=1481876&r2=1481877&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/devguide/rdevcsecure871422.dita (original)
+++ db/derby/docs/branches/10.10/src/devguide/rdevcsecure871422.dita Mon May 13 14:34:15 2013
@@ -22,10 +22,9 @@ limitations under the License.
 <title>Java security policy file example 2</title>
 <prolog></prolog>
 <refbody>
-<example> <codeblock><b>/* Grants permission to run <ph conref="../conrefs.dita#prod/productshortname"></ph>
and access all      */
-/* databases under the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system home              */
-/* when it defaults to the current directory               */</b>
-
+<example> <codeblock><b>/* Grants permission to run <ph conref="../conrefs.dita#prod/productshortname"></ph>
and access all */
+/* databases under the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system home         */
+/* when it defaults to the current directory     */</b>
 
 grant codeBase "file://f:/<ph conref="../conrefs.dita#prod/productlowercase"></ph>/lib/derby.jar"
{
   permission java.lang.RuntimePermission "createClassLoader";
@@ -34,9 +33,6 @@ grant codeBase "file://f:/<ph conref="..
   permission java.io.FilePermission "${derby.system.home}","read";
   permission java.io.FilePermission "${user.dir}${/}-",
       "read,write,delete";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
-
 };</codeblock></example>
 </refbody>
 </reference>

Modified: db/derby/docs/branches/10.10/src/devguide/rdevcsecure871439.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/devguide/rdevcsecure871439.dita?rev=1481877&r1=1481876&r2=1481877&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/devguide/rdevcsecure871439.dita (original)
+++ db/derby/docs/branches/10.10/src/devguide/rdevcsecure871439.dita Mon May 13 14:34:15 2013
@@ -22,10 +22,10 @@ limitations under the License.
 <title>Java security policy file example 3</title>
 <prolog></prolog>
 <refbody>
-<example> <codeblock><b>/* Grants permission to run <ph conref="../conrefs.dita#prod/productshortname"></ph>
and access a single */
-/* database (salesdb) under the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system home     */
+<example> <codeblock><b>/* Grants permission to run <ph conref="../conrefs.dita#prod/productshortname"></ph>
and access a single  */
+/* database (salesdb) under the <ph conref="../conrefs.dita#prod/productshortname"></ph>
system home      */
 
-/* Note <ph conref="../conrefs.dita#prod/productshortname"></ph>.system.home
must be an absolute pathname */</b>
+/* Note derby.system.home must be an absolute pathname */</b>
 
 grant codeBase "file://f:/<ph conref="../conrefs.dita#prod/productlowercase"></ph>/lib/derby.jar"
{
 
@@ -36,10 +36,6 @@ grant codeBase "file://f:/<ph conref="..
       "read,write,delete";
   permission java.io.FilePermission "${derby.system.home}${/}
       salesdb${/}-", "read,write,delete";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
-
-
 }; </codeblock></example>
 </refbody>
 </reference>



Mime
View raw message