Return-Path:
X-Original-To: apmail-db-derby-commits-archive@www.apache.org
Delivered-To: apmail-db-derby-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id C48FCF940
for ;
Mon, 13 May 2013 14:25:45 +0000 (UTC)
Received: (qmail 46277 invoked by uid 500); 13 May 2013 13:59:04 -0000
Delivered-To: apmail-db-derby-commits-archive@db.apache.org
Received: (qmail 46133 invoked by uid 500); 13 May 2013 13:59:00 -0000
Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm
Precedence: bulk
list-help:
list-unsubscribe:
List-Post:
Reply-To: "Derby Development"
List-Id:
Delivered-To: mailing list derby-commits@db.apache.org
Received: (qmail 46085 invoked by uid 99); 13 May 2013 13:58:59 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 May 2013 13:58:59 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 May 2013 13:58:57 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
by eris.apache.org (Postfix) with ESMTP id 0269C2388906;
Mon, 13 May 2013 13:58:37 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1481853 - in /db/derby/docs/trunk/src:
adminguide/tadminnetservbasic.dita adminguide/tadminnetservcustom.dita
devguide/cdevbabejgjd.dita devguide/rdevcsecure871406.dita
devguide/rdevcsecure871422.dita devguide/rdevcsecure871439.dita
Date: Mon, 13 May 2013 13:58:36 -0000
To: derby-commits@db.apache.org
From: chaase3@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20130513135837.0269C2388906@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: chaase3
Date: Mon May 13 13:58:36 2013
New Revision: 1481853
URL: http://svn.apache.org/r1481853
Log:
DERBY-6160 Fixes needed to documentation topics on security policy permissions
Modified 2 Admin Guide topics and 4 Developer's Guide topics.
Patch: DERBY-6160-4.diff
Modified:
db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita
db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita
db/derby/docs/trunk/src/devguide/rdevcsecure871406.dita
db/derby/docs/trunk/src/devguide/rdevcsecure871422.dita
db/derby/docs/trunk/src/devguide/rdevcsecure871439.dita
Modified: db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita?rev=1481853&r1=1481852&r2=1481853&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita Mon May 13 13:58:36 2013
@@ -55,136 +55,133 @@ you will want to restrict the server's l
let the server backup/restore and export/import to or from any location in the local file system.
For details on how to customize the Template policy, please see .
The following example is a copy of the Basic policy:
-//
-// This template policy file gives examples of how to configure the
+// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase "${derby.install.url}derby.jar"
{
-//
-// These permissions are needed for everyday, embedded Derby usage.
-//
+ // These permissions are needed for everyday, embedded Derby usage.
+ //
permission java.lang.RuntimePermission "createClassLoader";
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "user.dir", "read";
- permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
- "write";
+
// The next two properties are used to determine if the VM is 32 or 64
// bit.
permission java.util.PropertyPermission "sun.arch.data.model", "read";
permission java.util.PropertyPermission "os.arch", "read";
+
permission java.io.FilePermission "${derby.system.home}","read";
permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
-//
-// This permission lets a DBA reload the policy file while the server
-// is still running. The policy file is reloaded by invoking the
-// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
-//
+ // This permission lets a DBA reload the policy file while the server
+ // is still running. The policy file is reloaded by invoking the
+ // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
+ //
permission java.security.SecurityPermission "getPolicy";
-//
-// This permission lets you backup and restore databases
-// to and from arbitrary locations in your file system.
-//
-// This permission also lets you import/export data to and from
-// arbitrary locations in your file system.
-//
-// You may want to restrict this access to specific directories.
-//
+ // This permission lets you backup and restore databases
+ // to and from arbitrary locations in your file system.
+ //
+ // This permission also lets you import/export data to and from
+ // arbitrary locations in your file system.
+ //
+ // You may want to restrict this access to specific directories.
+ //
permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
-
-//
-// Permissions needed for JMX based management and monitoring, which is
-// only available for JVMs supporting "platform management", that is
-// Java SE 5.0 or better.
-//
-// Allows this code to create an MBeanServer:
-//
+ // Permissions needed for JMX based management and monitoring, which is
+ // only available for JVMs supporting "platform management", that is
+ // Java SE 5.0 or better.
+ //
+ // Allows this code to create an MBeanServer:
+ //
permission javax.management.MBeanServerPermission "createMBeanServer";
-//
-// Allows access to Derby's built-in MBeans, within the domain
-// org.apache.derby.
-// Derby must be allowed to register and unregister these MBeans.
-// It is possible to allow access only to specific MBeans, attributes or
-// operations. To fine tune this permission, see the javadoc of
-// javax.management.MBeanPermission or the JMX Instrumentation and Agent
-// Specification.
-//
+ //
+ // Allows access to Derby's built-in MBeans, within the domain
+ // org.apache.derby.
+ // Derby must be allowed to register and unregister these MBeans.
+ // It is possible to allow access only to specific MBeans, attributes
+ // or operations. To fine tune this permission, see the javadoc of
+ // javax.management.MBeanPermission or the JMX Instrumentation and
+ // Agent Specification.
+ //
permission javax.management.MBeanPermission
"org.apache.derby.*#[org.apache.derby:*]",
"registerMBean,unregisterMBean";
-//
-// Trusts Derby code to be a source of MBeans and to register these in
-// the MBean server.
-//
+ //
+ // Trusts Derby code to be a source of MBeans and to register these in
+ // the MBean server.
+ //
permission javax.management.MBeanTrustPermission "register";
// getProtectionDomain is an optional permission needed for printing
// classpath information to derby.log
permission java.lang.RuntimePermission "getProtectionDomain";
- //
// The following permission must be granted for
// Connection.abort(Executor) to work. Note that this permission
// must also be granted to outer (application) code domains.
//
permission java.sql.SQLPermission "callAbort";
+
+ // Needed by file permissions restriction system:
+ permission java.lang.RuntimePermission "accessUserInformation";
+ permission java.lang.RuntimePermission "getFileStoreAttributes";
};
grant codeBase "${derby.install.url}derbynet.jar"
{
-//
-// This permission lets the Network Server manage connections from
-// clients.
-//
-
-// Accept connections from any host. Derby is listening to the host
-// interface specified via the -h option to "NetworkServerControl
-// start" on the command line, via the address parameter to the
-// org.apache.derby.drda.NetworkServerControl constructor in the API
-// or via the property derby.drda.host; the default is localhost.
-// You may want to restrict allowed hosts, e.g. to hosts in a specific
-// subdomain, e.g. "*.example.com".
+ // This permission lets the Network Server manage connections from
+ // clients.
+ // Accept connections from any host. Derby is listening to the host
+ // interface specified via the -h option to "NetworkServerControl
+ // start" on the command line, via the address parameter to the
+ // org.apache.derby.drda.NetworkServerControl constructor in the API
+ // or via the property derby.drda.host; the default is localhost.
+ // You may want to restrict allowed hosts, e.g. to hosts in a specific
+ // subdomain, e.g. "*.example.com".
permission java.net.SocketPermission "*", "accept";
-//
-// Needed for server tracing.
-//
+ // Needed for server tracing.
+ //
permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
"read,write,delete";
-//
-// JMX: Uncomment this permission to allow the ping operation of the
-// NetworkServerMBean to connect to the Network Server.
-//permission java.net.SocketPermission "*", "connect,resolve";
-
-
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files.
-//
-// In this template file, this block of permissions is granted
-// to derbynet.jar under the assumption that derbynet.jar is
-// the first jar file in your classpath which contains the
-// sysinfo classes. If that is not the case, then you will want
-// to grant this block of permissions to the first jar file
-// in your classpath which contains the sysinfo classes.
-// Those classes are bundled into the following Derby
-// jar files:
-//
-// derbynet.jar
-// derby.jar
-// derbyclient.jar
-// derbytools.jar
-//
+ // Needed by file permissions restriction system:
+ //
+ permission java.lang.RuntimePermission "accessUserInformation";
+ permission java.lang.RuntimePermission "getFileStoreAttributes";
+ permission java.util.PropertyPermission
+ "derby.__serverStartedFromCmdLine", "read, write";
+
+ // JMX: Uncomment this permission to allow the ping operation of the
+ // NetworkServerMBean to connect to the Network Server.
+ //permission java.net.SocketPermission "*", "connect,resolve";
+
+ // Needed by sysinfo. The file permission is needed to
+ // check the existence of jars on the classpath. You can
+ // limit this permission to just the locations which hold
+ // your jar files.
+ //
+ // In this template file, this block of permissions is granted
+ // to derbynet.jar under the assumption that derbynet.jar is
+ // the first jar file in your classpath which contains the
+ // sysinfo classes. If that is not the case, then you will want
+ // to grant this block of permissions to the first jar file
+ // in your classpath which contains the sysinfo classes.
+ // Those classes are bundled into the following Derby
+ // jar files:
+ //
+ // derbynet.jar
+ // derby.jar
+ // derbyclient.jar
+ // derbytools.jar
+ //
permission java.util.PropertyPermission "user.*", "read";
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.class.path", "read";
Modified: db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita?rev=1481853&r1=1481852&r2=1481853&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita Mon May 13 13:58:36 2013
@@ -28,91 +28,209 @@ limitations under the License.
The Network Server's Basic security policy is documented in
the section . Most likely, you
will want to customize your own security policy. For example, you might want
-to restrict the server's liberal file i/o permissions which let the server
-backup/restore and export/import to or from any location in the local file system. Customizing
-the security policy is simple:
-- A template policy lives in the Derby distribution at demo/templates/server.policy.
+to restrict the server's liberal file I/O permissions, which let the server
+backup/restore and export/import to or from any location in the local file
+system. Customizing the security policy is simple:
+
+- A template policy lives in the
+ distribution at
+demo/templates/server.policy.
Copy the file from this location to your own file, say myCustomized.policy.
All of the following edits take place in your custom file.
- Replace the ${derby.install.url} variable with the location of
-the Derby jars in your local file system.
+the jars in your local
+file system.
- Replace the ${derby.system.home} variable with the location of
-your Derby system directory. Alternatively, rather than replacing this variable,
-you can simply set the value of the derby.system.home system property
-when you boot the server.
-- You must grant java.net.SocketPermission to
-derby.jar if you are using LDAP authentication, so
-that the Derby code is allowed to contact the LDAP server to perform
-the authentication.
+your system directory.
+Alternatively, rather than replacing this variable, you can simply set the value
+of the derby.system.home system property when you boot the server.
+- Replace the ${derby.drda.traceDirectory} variable with the location
+of your server trace file if you plan to use tracing.
+- Grant java.net.SocketPermission to derby.jar if you
+are using LDAP authentication, so that the
+ code is allowed to
+contact the LDAP server to perform the authentication.
- You may want to restrict the socket permission for derbynet.jar,
which by default accepts connections from any host ("*").
Note that the special wildcard address "0.0.0.0" is not
-understood by SocketPermission, even though Derby accepts this wildcard as
-a valid value for accepting connections on all network interfaces (IPv4).
+understood by SocketPermission, even though
+ accepts this wildcard
+as a valid value for accepting connections on all network interfaces
+(IPv4).
- Refine the file permissions needed by backup/restore, import/export, and
the loading of application jars.
-
The following example is a copy of a sample, customized policy file:
+
+The following example is a copy of a sample customized policy file:
grant codeBase "file:/usr/local/share/sw/derby/lib/derby.jar"
{
-//
-// These permissions are needed for everyday, embedded Derby usage.
-//
+ // These permissions are needed for everyday, embedded Derby usage.
+ //
permission java.lang.RuntimePermission "createClassLoader";
permission java.util.PropertyPermission "derby.*", "read";
- // The next two properties are used to determine if the VM is 32 or 64 bit.
+ permission java.util.PropertyPermission "user.dir", "read";
+
+ // The next two properties are used to determine if the VM is 32 or
+ // 64 bit.
+ //
permission java.util.PropertyPermission "sun.arch.data.model", "read";
permission java.util.PropertyPermission "os.arch", "read";
- permission java.util.PropertyPermission "user.dir", "read";
- permission java.io.FilePermission "/usr/local/shoppingCartApp/databases","read";
- permission java.io.FilePermission "/usr/local/shoppingCartApp/databases/-",
- "read,write,delete";
- permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
- "write";
-
-//
-// This permission lets a DBA reload the policy file while the server
-// is still running. The policy file is reloaded by invoking the
-// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
-//
+
+ // Customized to actual location of derby.system.home:
+ //
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/databases", "read";
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/databases/-", "read,write,delete";
+
+ // This permission lets a DBA reload the policy file while the server
+ // is still running. The policy file is reloaded by invoking the
+ // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
+ //
permission java.security.SecurityPermission "getPolicy";
-//
-// This permission lets you backup and restore databases
-// to and from a selected branch of the local file system:
-//
- permission java.io.FilePermission "/usr/local/shoppingCartApp/backups/-", "read,write,delete";
-//
-// This permission lets you import data from
-// a selected branch of the local file system:
-//
- permission java.io.FilePermission "/usr/local/shoppingCartApp/imports/-", "read";
-//
-// This permission lets you export data to
-// a selected branch of the local file system:
-//
- permission java.io.FilePermission "/usr/local/shoppingCartApp/exports/-", "write";
-//
-// This permission lets you load your databases with jar files of
-// application code
-//
- permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*", "read";
+ // This permission lets you backup and restore databases
+ // to and from a selected branch of the local file system:
+ //
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/backups/-", "read,write,delete";
+
+ // This permission lets you import data from
+ // a selected branch of the local file system:
+ //
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/imports/-", "read";
-// LDAP server on localhost using default LDAP port 389:
- permission java.net.SocketPermission "localhost:389", "connect,resolve";
+ // This permission lets you export data to
+ // a selected branch of the local file system:
+ //
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/exports/-", "write";
+
+ // This permission lets you load your databases with jar files of
+ // application code
+ //
+ permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*",
+ "read";
+
+ // LDAP server on localhost using default LDAP port 389:
+ //
+ permission java.net.SocketPermission "localhost:389",
+ "connect,resolve";
+
+ // Permissions needed for JMX based management and monitoring.
+ // Uncomment the following MBeanServerPermission, MBeanPermission and
+ // MBeanTrustPermission if you need JMX monitoring. Consider the
+ // security implications before you open up for JMX
+ // monitoring.
+ //
+ // Allows this code to create an MBeanServer:
+ //
+ // permission javax.management.MBeanServerPermission
+ // "createMBeanServer";
+ //
+ // Allows access to Derby's built-in MBeans, within the domain
+ // org.apache.derby. Derby must be allowed to register and unregister
+ // these MBeans. It is possible to allow access only to specific
+ // MBeans, attributes or operations. To fine-tune this permission, see
+ // the API documentation for javax.management.MBeanPermission or the
+ // JMX Instrumentation and Agent Specification:
+ //
+ // permission javax.management.MBeanPermission
+ // "org.apache.derby.*#[org.apache.derby:*]",
+ // "registerMBean, unregisterMBean";
+ //
+ // Trusts Derby code to be a source of MBeans and to register these
+ // in the MBean server:
+ //
+ // permission javax.management.MBeanTrustPermission "register";
+
+ // getProtectionDomain is an optional permission needed for printing
+ // classpath information to derby.log. Consider if this could be a
+ // security risk before enabling it.
+ //
+ // permission java.lang.RuntimePermission "getProtectionDomain";
+
+ // The following permission must be granted for
+ // Connection.abort(Executor) to work. Note that this permission must
+ // also be granted to outer (application) code domains.
+ // Uncomment this permission if you plan to use Connection.abort.
+ //
+ // permission java.sql.SQLPermission "callAbort";
+
+ // Needed by file permissions restriction system (see the
+ // documentation for derby.storage.useDefaultFilePermissions in the
+ // Reference Manual). Consider restricting the database file-level
+ // permissions for security.
+ permission java.lang.RuntimePermission "accessUserInformation";
+ permission java.lang.RuntimePermission "getFileStoreAttributes";
};
grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
{
-//
-// This permission lets the Network Server manage connections from clients
-// originating from the localhost, on any port.
-//
+ // This permission lets the Network Server manage connections from
+ // clients originating from the localhost, on any port. Consider the
+ // security implications before you open up database connections
+ // from other hosts.
+ //
permission java.net.SocketPermission "localhost:0-", "accept";
+
+ // Needed for server tracing.
+ //
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/trace/-", "read,write,delete";
+
+ // Needed by file permissions restriction system:
+ //
+ permission java.lang.RuntimePermission "accessUserInformation";
+ permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+ // Mandatory if running with a customized policy file.
+ //
+ permission java.util.PropertyPermission
+ "derby.__serverStartedFromCmdLine", "read, write";
+
+ //
+ // JMX: Uncomment this permission to allow the ping operation of the
+ // NetworkServerMBean to connect to the Network Server.
+ //
+ // permission java.net.SocketPermission "*", "connect,resolve";
+
+ // Needed by the sysinfo tool only. You may want to remove the
+ // block of permissions below if you don't plan to use it. The file
+ // permission is needed to check the existence of jars on the
+ // classpath. You can limit this permission to just the locations
+ // which hold your jar files.
+ //
+ // This block of permissions is granted to derbynet.jar under the
+ // assumption that derbynet.jar is the first jar file in your
+ // classpath which contains the sysinfo classes. If that is not the
+ // case, then you will want to grant this block of permissions to
+ // the first jar file in your classpath which contains the sysinfo
+ // classes. Those classes are bundled into the following Derby jar
+ // files:
+ //
+ // derbynet.jar
+ // derby.jar
+ // derbyclient.jar
+ // derbytools.jar
+ //
+ permission java.util.PropertyPermission "user.*", "read";
+ permission java.util.PropertyPermission "java.home", "read";
+ permission java.util.PropertyPermission "java.class.path", "read";
+ permission java.util.PropertyPermission "java.runtime.version", "read";
+ permission java.util.PropertyPermission "java.fullversion", "read";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.io.FilePermission
+ "/usr/local/shoppingCartApp/jars/-", "read";
+ permission java.io.FilePer mission "java.runtime.version", "read";
+ permission java.io.FilePermission "java.fullversion", "read";
};
After customizing the Basic policy, you may bring up the
Network Server as follows:
-java -Djava.security.manager -Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy org.apache.derby.drda.NetworkServerControl start -h localhost
+java -Djava.security.manager \
+-Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy \
+org.apache.derby.drda.NetworkServerControl start -h localhost
Modified: db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita?rev=1481853&r1=1481852&r2=1481853&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevbabejgjd.dita Mon May 13 13:58:36 2013
@@ -44,15 +44,6 @@ in the database.
individual properties
set in the JVM machine's system set. If the action is denied, properties in the JVM machine's
system set are ignored.
-
-permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
-"write"
-This property is used by Derby to prevent the accidental boot of the database
-by two class loaders. If the database is booted by two class loaders, database
-corruption can occur.
-If write permission for this property is not granted, a message is printed
-to the log file which indicates that the database
-is not protected from dual boot and possible corruption.
Database access permissions
- permission java.io.FilePermission "directory${/}/-", "read,write,delete"
@@ -117,6 +108,18 @@ errors and when the derby.stream.erro
is set. See the documentation of this property in the
for details.
+- permission java.lang.RuntimePermission "accessUserInformation";
+- permission java.lang.RuntimePermission "getFileStoreAttributes";
+- These two permissions are needed when you are running with JDK 7 or higher
+and when the secure file mask settings are active (that is, when
+derby.storage.useDefaultFilePermissions is set to false, or when the
+server has been started from the command line (in which case secure file mask
+settings are active by default).
+
+- permission java.lang.RuntimePermission "getProtectionDomain";
+- This permission is needed if you want classpath information to be printed to
+derby.log.
+
- permission javax.management.MBeanServerPermission "createMBeanServer";
- Allows to create an
MBean server. If the JVM running
Modified: db/derby/docs/trunk/src/devguide/rdevcsecure871406.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure871406.dita?rev=1481853&r1=1481852&r2=1481853&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure871406.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure871406.dita Mon May 13 13:58:36 2013
@@ -22,12 +22,12 @@ limitations under the License.
Java security policy file example 1
- /* Grants permission to run and access all */
-/* databases under the system home */
-/* when it is specified by the system property */
-/* .system.home */
+ /* Grants permission to run and access all */
+/* databases under the system home */
+/* when it is specified by the system property */
+/* derby.system.home */
-/* Note .system.home must be an absolute pathname */
+/* Note derby.system.home must be an absolute pathname */
grant codeBase "file://f://lib/derby.jar" {
@@ -36,8 +36,6 @@ grant codeBase "file://f:/
Modified: db/derby/docs/trunk/src/devguide/rdevcsecure871422.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure871422.dita?rev=1481853&r1=1481852&r2=1481853&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure871422.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure871422.dita Mon May 13 13:58:36 2013
@@ -22,10 +22,9 @@ limitations under the License.
Java security policy file example 2
- /* Grants permission to run and access all */
-/* databases under the system home */
-/* when it defaults to the current directory */
-
+ /* Grants permission to run and access all */
+/* databases under the system home */
+/* when it defaults to the current directory */
grant codeBase "file://f://lib/derby.jar" {
permission java.lang.RuntimePermission "createClassLoader";
@@ -34,9 +33,6 @@ grant codeBase "file://f:/
Modified: db/derby/docs/trunk/src/devguide/rdevcsecure871439.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure871439.dita?rev=1481853&r1=1481852&r2=1481853&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure871439.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure871439.dita Mon May 13 13:58:36 2013
@@ -22,10 +22,10 @@ limitations under the License.
Java security policy file example 3
- /* Grants permission to run and access a single */
-/* database (salesdb) under the system home */
+ /* Grants permission to run and access a single */
+/* database (salesdb) under the system home */
-/* Note .system.home must be an absolute pathname */
+/* Note derby.system.home must be an absolute pathname */
grant codeBase "file://f://lib/derby.jar" {
@@ -36,10 +36,6 @@ grant codeBase "file://f:/