db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r1557129 - in /db/derby/docs/trunk/src/adminguide: cadminreplicsecurity.dita tadminnetservbasic.dita tadminnetservcustom.dita
Date Fri, 10 Jan 2014 14:17:19 GMT
Author: chaase3
Date: Fri Jan 10 14:17:19 2014
New Revision: 1557129

URL: http://svn.apache.org/r1557129
Log:
DERBY-6448  Document new SocketPermission in Network Server policy file

Modified 3 Admin Guide topics.

Patch: DERBY-6448.diff

Modified:
    db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita

Modified: db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita?rev=1557129&r1=1557128&r2=1557129&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita Fri Jan 10 14:17:19 2014
@@ -32,8 +32,9 @@ allow the master-slave network connectio
 <codeblock>grant codeBase "${derby.install.url}derby.jar"</codeblock>
 <p>Add the following permission to the policy file on the master system:</p>
 <codeblock>permission java.net.SocketPermission "<i>slaveHost</i>:<i>slavePort</i>",
"connect,resolve";</codeblock>
-<p>Add the following permission to the policy file on the slave system:</p>
-<codeblock>permission java.net.SocketPermission "<i>slaveHost</i>", "accept,resolve";</codeblock>
+<p>Add the following permissions to the policy file on the slave system:</p>
+<codeblock>permission java.net.SocketPermission "<i>slaveHost</i>", "accept,resolve";
+permission java.net.SocketPermission "localhost:<i>slavePort</i>", "listen";</codeblock>
 <p><i>slaveHost</i> and <i>slavePort</i> are the values you
specify for the
 <codeph>slaveHost=<i>hostname</i></codeph> and
 <codeph>slavePort=<i>portValue</i></codeph> attributes, which are
described in

Modified: db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita?rev=1557129&r1=1557128&r2=1557129&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita Fri Jan 10 14:17:19 2014
@@ -153,6 +153,15 @@ grant codeBase "${derby.install.url}derb
   //
   permission java.net.SocketPermission "*", "accept"; 
 
+  // Allow the server to listen to the socket on the default port (1527).
+  // If you have specified another port number with the -p option to
+  // "NetworkServerControl start" on the command line, or with the
+  // portNumber parameter to the NetworkServerControl constructor in the
+  // API, or with the property derby.drda.portNumber, you should change
+  // the port number in the permission statement accordingly.
+  //
+  permission java.net.SocketPermission "localhost:1527", "listen";
+
   // Needed for server tracing.
   //
   permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",

Modified: db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita?rev=1557129&r1=1557128&r2=1557129&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita Fri Jan 10 14:17:19 2014
@@ -177,7 +177,7 @@ grant codeBase "file:/usr/local/share/sw
   // security implications before you open up database connections
   // from other hosts.
   //
-  permission java.net.SocketPermission "localhost:0-", "accept"; 
+  permission java.net.SocketPermission "localhost:0-", "accept,listen"; 
 
   // Needed for server tracing.
   //



Mime
View raw message