db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chaa...@apache.org
Subject svn commit: r1599789 - /db/derby/docs/trunk/src/adminguide/
Date Tue, 03 Jun 2014 20:41:03 GMT
Author: chaase3
Date: Tue Jun  3 20:41:03 2014
New Revision: 1599789

URL: http://svn.apache.org/r1599789
Log:
DERBY-6217  Put all of the security documentation in a single, separate user guide

Modified 10 Admin Guide topics and map file; removed 17 topics.

Patches: DERBY-6217-admin.diff

Removed:
    db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811656.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811695.dita
    db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita
    db/derby/docs/trunk/src/adminguide/cadminnetservfileperms.dita
    db/derby/docs/trunk/src/adminguide/cadminnetservsecurity.dita
    db/derby/docs/trunk/src/adminguide/cadminssl.dita
    db/derby/docs/trunk/src/adminguide/cadminssladmin.dita
    db/derby/docs/trunk/src/adminguide/cadminsslclient.dita
    db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita
    db/derby/docs/trunk/src/adminguide/cadminsslserver.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservopen.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservrun.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservusrauth.dita
Modified:
    db/derby/docs/trunk/src/adminguide/cadminapps.dita
    db/derby/docs/trunk/src/adminguide/cadminappsclient.dita
    db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita
    db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita
    db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
    db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita
    db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita
    db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita
    db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita
    db/derby/docs/trunk/src/adminguide/tadminadv804410.dita
    db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita

Modified: db/derby/docs/trunk/src/adminguide/cadminapps.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps.dita Tue Jun  3 20:41:03 2014
@@ -28,6 +28,9 @@ using the Network Server.</shortdesc>
 <keywords><indexterm>Network Server<indexterm>Differences with embedded
driver</indexterm></indexterm></keywords>
 </metadata></prolog>
 <conbody>
+<p>See "Configuring Network Server authentication in special circumstances" in
+the <ph conref="../conrefs.dita#pub/citsec"></ph> for information about
+authentication that is specific to the Network Server.</p>
 <note>There may be undocumented differences that have not yet been
 identified.</note>
 </conbody>

Modified: db/derby/docs/trunk/src/adminguide/cadminappsclient.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminappsclient.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminappsclient.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminappsclient.dita Tue Jun  3 20:41:03 2014
@@ -27,6 +27,9 @@ authentication.</shortdesc>
 <keywords><indexterm>Network client driver</indexterm></keywords>
 </metadata></prolog>
 <conbody>
+<p>See "Configuring user authentication" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about configuring
+Network Server authentication.</p>
 <p>The driver that you need to access the Network Server is:
 <codeblock>org.apache.derby.jdbc.ClientDriver</codeblock></p>
 <p>The syntax of the URL that is required to access the Network Server is:
@@ -194,8 +197,9 @@ append to the existing trace file.</entr
 <row>
 <entry colname="col1"><codeph>securityMechanism</codeph></entry>
 <entry colname="col2"><codeph>Integer</codeph></entry>
-<entry colname="col3">The security mechanism. See
-<xref href="cadminappsclientsecurity.dita#cadminappsclientsecurity"></xref>.</entry>
+<entry colname="col3">The security mechanism. See "Configuring Network Client
+authentication without SSL/TLS" in the 
+<ph conref="../conrefs.dita#pub/citsec"></ph>.</entry>
 <entry colname="COLSPEC1"><codeph>securityMechanism</codeph></entry>
 <entry colname="col4">The default is <codeph>USER_ONLY_SECURITY</codeph>.</entry>
 </row>
@@ -213,8 +217,8 @@ work.</entry>
 <row>
 <entry colname="col1"><codeph>ssl</codeph></entry>
 <entry colname="col2"><codeph>String</codeph></entry>
-<entry colname="col3">The SSL mode for the client connection. See
-<xref href="cadminssl.dita#cadminssl"></xref>.</entry>
+<entry colname="col3">The SSL mode for the client connection. See "Configuring
+SSL/TLS" in the <ph conref="../conrefs.dita#pub/citsec"></ph>.</entry>
 <entry colname="COLSPEC1"><codeph>ssl</codeph></entry>
 <entry colname="col4">The default is <codeph>off</codeph>.</entry>
 </row>

Modified: db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita Tue Jun  3 20:41:03 2014
@@ -39,8 +39,9 @@ permission java.net.SocketPermission "lo
 <codeph>slaveHost=<i>hostname</i></codeph> and
 <codeph>slavePort=<i>portValue</i></codeph> attributes, which are
described in
 the <ph conref="../conrefs.dita#pub/citref"></ph>.</p>
-<p>See <xref href="tadminnetservbasic.dita#tadminnetservbasic"></xref>
for
-details on the security policy file.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for details on the security policy
+file.</p>
 <p>Depending on the security mode
 <ph conref="../conrefs.dita#prod/productshortname"></ph> is running under, the
 measures described in the following table are enforced when you specify the

Modified: db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita Tue Jun  3 20:41:03 2014
@@ -60,9 +60,9 @@ initialized.</dd>
 <dd>Specifies the location for trace files. If the tracing directory is not
 specified, the traces are placed in <codeph>derby.system.home</codeph>.</dd>
 </dlentry></dl>
-<section><title>Security Considerations</title>
-<p>For general security considerations for the Network Server, see
-<xref href="cadminnetservsecurity.dita"></xref>.</p>
+<section><title>Security considerations</title>
+<p>For general security considerations for the Network Server, see the
+<ph conref="../conrefs.dita#pub/citsec"></ph>.</p>
 <p>The <codeph>host</codeph> parameter allows configuration of the host
name
 that will be used for the listening socket for network connections. By default,
 the Network Server will listen to requests only on the loopback address, which

Modified: db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap (original)
+++ db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap Tue Jun  3 20:41:03 2014
@@ -215,8 +215,6 @@ method"></topicref>
 </topicref>
 </topicref>
 <topicref collection-type="family" href="cadminappsclient.dita" navtitle="Accessing the
Network Server by using the network client driver">
-<topicref href="cadminappsclientsecurity.dita" navtitle="Network client security">
-</topicref>
 <topicref href="cadminappsclienttracing.dita" navtitle="Network client tracing">
 </topicref>
 <topicref href="radminappsclientxmp.dita" navtitle="Network client driver examples">
@@ -242,14 +240,6 @@ Server">
 </topicref>
 <topicref href="radminappsresultsetdiffs.dita" navtitle="Updatable Result Sets">
 </topicref>
-<topicref collection-type="family" href="cadminapps49914.dita" navtitle="User authentication
differences">
-<topicref href="cadminapps811631.dita" navtitle="Network Server user authentication when
user authentication is on in Derby">
-</topicref>
-<topicref href="cadminapps811656.dita" navtitle="Network Server user authentication when
user authentication is off
-in Derby"></topicref>
-<topicref href="cadminapps811695.dita" navtitle="Enabling the encrypted user ID and password
security mechanism">
-</topicref>
-</topicref>
 <topicref href="cadminappsjdbcdiffs.dita" navtitle="Differences in JDBC methods">
 </topicref>
 <topicref href="cadminappsdiffsreadonly.dita" navtitle="Differences using the Connection.setReadOnly
method">
@@ -316,22 +306,6 @@ navtitle="Setting Network Server propert
 </topicref>
 </topicref>
 <topicref collection-type="family" href="cadminadvtops.dita" navtitle="Derby Network Server
advanced topics">
-<topicref href="cadminnetservsecurity.dita" navtitle="Network Server security">
-</topicref>
-<topicref href="cadminnetservfileperms.dita" navtitle="Controlling database file access">
-</topicref>
-<topicref collection-type="family" href="tadminnetservrun.dita" navtitle="Running the
Network Server under the security manager">
-<topicref href="tadminnetservbasic.dita" navtitle="Basic Network Server security policy"></topicref>
-<topicref href="tadminnetservcustom.dita" navtitle="Customizing the Network Server's security
policy"></topicref>
-<topicref href="tadminnetservopen.dita" navtitle="Running the Network Server without a
security policy"></topicref>
-</topicref>
-<topicref href="tadminnetservusrauth.dita" navtitle="Running the Network Server with user
authentication"></topicref>
-<topicref collection-type="family" href="cadminssl.dita" navtitle="Network encryption
and authentication with SSL/TLS">
-<topicref href="cadminsslkeys.dita" navtitle="Key and certificate handling"></topicref>
-<topicref href="cadminsslserver.dita" navtitle="Starting the server with SSL/TLS"></topicref>
-<topicref href="cadminsslclient.dita" navtitle="Running the client with SSL/TLS"></topicref>
-<topicref href="cadminssladmin.dita" navtitle="Other server commands"></topicref>
-</topicref>
 <topicref href="tadminconfiguringthenetworkserver.dita" navtitle="Configuring the Network
Server to handle connections">
 </topicref>
 <topicref href="tadminlogfile.dita" navtitle="Controlling logging by using the log file">

Modified: db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita Tue Jun  3
20:41:03 2014
@@ -34,8 +34,9 @@ directory created, the policy must allow
 <codeblock>permission java.io.FilePermission "<i>directory</i>", "read,write";</codeblock>
 <p>and for the trace directory itself, the policy must allow</p>
 <codeblock>permission java.io.FilePermission "<i>tracedirectory</i>${/}-",
"write";</codeblock>
-<p>See <xref href="tadminnetservcustom.dita#tadminnetservcustom"></xref>
for
-information about customizing the Network Server's security policy.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about customizing
+the Network Server's security policy.</p>
 </section>
 <refsyn><title>Syntax</title>
 <codeblock>derby.drda.traceDirectory=<i>traceFileDirectory</i></codeblock>

Modified: db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita Tue Jun  3 20:41:03 2014
@@ -37,8 +37,7 @@ completely.</p>
 <p>The second technique is to run the Network Server with a custom security
 policy that does not grant <codeph>derby.jar</codeph> the permissions needed
to
 register MBeans. For example, you can modify the Network Server's basic policy
-(see <xref href="tadminnetservbasic.dita#tadminnetservbasic"></xref>) by
-commenting out this section:</p>
+by commenting out this section:</p>
 <codeblock>// Allows access to <ph conref="../conrefs.dita#prod/productshortname"></ph>'s
built-in MBeans, within the domain
 // org.apache.derby.
 // <ph conref="../conrefs.dita#prod/productshortname"></ph> must be allowed to
register and unregister these MBeans.
@@ -54,6 +53,9 @@ permission javax.management.MBeanPermiss
 <codeph>derby.jar</codeph>,
 <ph conref="../conrefs.dita#prod/productshortname"></ph> will silently skip
 starting the management service at boot time.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about customizing
+the Network Server's security policy.</p>
 </section>
 </refbody>
 </reference>

Modified: db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita Tue Jun  3 20:41:03 2014
@@ -51,8 +51,9 @@ the permissions you may need to set to a
 This recommendation also applies if you are running
 <ph conref="../conrefs.dita#prod/productshortname"></ph> embedded with a
 security manager installed.</p>
-<p>See <xref href="tadminnetservrun.dita#tadminnetservrun"></xref> for
more
-information about security policy files.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for more information about
+security policy files.</p>
 <p>Some example permissions are included in the following code. These
 permissions are not necessarily suitable for any particular application or
 environment; some customization is probably needed. Only permissions relating to the

Modified: db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita Tue Jun  3 20:41:03 2014
@@ -67,10 +67,9 @@ details.</note></p>
 <p>In the example above, system properties specify the keystore containing the
 server's key pair, the keystore password, the truststore containing the client
 certificates, and the truststore password. Setting up SSL keystores and
-truststores is partly described in
-<xref href="cadminsslkeys.dita#cadminsslkeys"></xref>. Other topics in the
-section <xref href="cadminssl.dita#cadminssl"></xref> provide information on
-protecting database network traffic using SSL.</p>
+truststores is described in the section "Configuring SSL/TLS" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph>, along with more information
+on protecting database network traffic using SSL.</p>
 <p>When you configure SSL as described above, the following requirements
 apply:</p>
 <ul>

Modified: db/derby/docs/trunk/src/adminguide/tadminadv804410.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminadv804410.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminadv804410.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminadv804410.dita Tue Jun  3 20:41:03 2014
@@ -58,8 +58,9 @@ directory created, the policy must allow
 <codeblock>permission java.io.FilePermission "<i>directory</i>", "read,write";</codeblock>
 <p>For the trace directory itself, the policy must allow</p>
 <codeblock>permission java.io.FilePermission "<i>tracedirectory</i>${/}-",
"write";</codeblock>
-<p>See <xref href="tadminnetservcustom.dita#tadminnetservcustom"></xref>
for
-information about customizing the Network Server's security policy.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about customizing
+the Network Server's security policy.</p>
 </stepxmp>
 </step>
 </steps>

Modified: db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita Tue Jun  3 20:41:03 2014
@@ -32,21 +32,21 @@ such as blocked ports on the server.</no
 <example>
 <p>
 You are strongly urged to enable user authentication and user authorization when
-you run a Network Server. For details on how to configure user authentication,
-see "Working with user authentication" in the
-<ph conref="../conrefs.dita#pub/citdevelop"></ph>. For information on user
-authorization, see "Users and authorization identifiers" and "User
-authorizations" in the <ph conref="../conrefs.dita#pub/citdevelop"></ph>. You
+you run a Network Server. For details on how to configure user authentication
+and authorization,
+see "Configuring user authentication" and "Configuring user authorization" in
+the <ph conref="../conrefs.dita#pub/citsec"></ph>. You
 are also urged to install a Java security manager with a customized security
-policy. For details on how to do this, see
-<xref href="tadminnetservcustom.dita#tadminnetservcustom"></xref>.</p>
+policy. For details on how to do this, see "Configuring Java security," also in
+the <ph conref="../conrefs.dita#pub/citsec"></ph>.</p>
 <p>If you are running Java SE 7 or later, and if you start the
 <ph conref="../conrefs.dita#prod/productshortname"></ph> Network Server from
the
 command line as described here, access to databases and to other
 <ph conref="../conrefs.dita#prod/productshortname"></ph> files is by default
 restricted to the operating system account that started the Network Server. It
 is possible to override this default behavior. For more information, see
-<xref href="cadminnetservfileperms.dita#cadminnetservfileperms"></xref>.</p>
+"Restricting file permissions" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph>.</p>
 <p>You can start the Network Server in any of the following ways:</p>
 <ul>
 <li><p>If you are relatively new to the Java programming language, follow the




Mime
View raw message