db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r1845659 - in /db/derby/docs/trunk/src/security: csecjavasecurity.dita rsecbasicclient.dita rsecbasicengine.dita rsecbasicserver.dita rsecbasictools.dita rsecnetservbasic.dita rsecpolicysample.dita secderby.ditamap
Date Sat, 03 Nov 2018 13:34:56 GMT
Author: rhillegas
Date: Sat Nov  3 13:34:55 2018
New Revision: 1845659

URL: http://svn.apache.org/viewvc?rev=1845659&view=rev
Log:
DERBY-6980: Replace the one-size-fits-all template policy with separate policies for the important Derby configurations: embedded engine, server, remote client, and local tools. Commit derby-6980-03-aa-securityPolicies.diff.

Added:
    db/derby/docs/trunk/src/security/rsecbasicclient.dita   (with props)
    db/derby/docs/trunk/src/security/rsecbasicengine.dita   (with props)
    db/derby/docs/trunk/src/security/rsecbasicserver.dita   (with props)
    db/derby/docs/trunk/src/security/rsecbasictools.dita   (with props)
Removed:
    db/derby/docs/trunk/src/security/rsecnetservbasic.dita
Modified:
    db/derby/docs/trunk/src/security/csecjavasecurity.dita
    db/derby/docs/trunk/src/security/rsecpolicysample.dita
    db/derby/docs/trunk/src/security/secderby.ditamap

Modified: db/derby/docs/trunk/src/security/csecjavasecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/csecjavasecurity.dita?rev=1845659&r1=1845658&r2=1845659&view=diff
==============================================================================
--- db/derby/docs/trunk/src/security/csecjavasecurity.dita (original)
+++ db/derby/docs/trunk/src/security/csecjavasecurity.dita Sat Nov  3 13:34:55 2018
@@ -41,30 +41,41 @@ customer-coded functions and procedures.
 <li><b>Sockets</b>: You control what machines can connect to the server and
 what machines the server can connect to.</li>
 </ul>
-<p>To take advantage of these powerful controls, first customize a copy of the 
-<ph conref="../conrefs.dita#prod/productshortname"></ph> security policy
-template. You will find a template security policy in the
-<ph conref="../conrefs.dita#prod/productshortname"></ph> distribution at 
-<codeph>demo/templates/server.policy</codeph>.</p>
-<p><xref href="rsecnetservbasic.dita"/> shows this basic policy. It grants
-permissions to both the <codeph>derby.jar</codeph> and
-<codeph>derbynet.jar</codeph> codebases. To run
-<ph conref="../conrefs.dita#prod/productshortname"></ph> in embedded mode, you
-must grant permissions to <codeph>derby.jar</codeph>. To run the
-<ph conref="../conrefs.dita#prod/productshortname"></ph> Network Server, you
-must grant permissions to both <codeph>derby.jar</codeph> and
-<codeph>derbynet.jar</codeph>.</p>
-<p><xref href="rsecpolicysample.dita#rsecpolicysample"></xref> shows a sample
-customized policy file.</p>
-<p>To customize the file, make the following edits:</p>
+<p>To take advantage of these powerful controls, first customize one of the template
+security policies documented here.
+You can find these template security policies in the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> distribution in the 
+<codeph>demo/templates</codeph> directory.
+Choose the policy which corresponds to the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> configuration which you are running:
+</p>
+
+<ul>
+<li>Customize <xref href="rsecbasicengine.dita"/> if you are embedding
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> engine in your application,
+that is, if you are running the smallest footprint, core Derby configuration.</li>
+<li>Customize <xref href="rsecbasicserver.dita"/> if you are running
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> network server.</li>
+<li>Customize <xref href="rsecbasicclient.dita"/> if your application
+runs on a remote machine and accesses 
+<ph conref="../conrefs.dita#prod/productshortname"></ph> databases across a network.</li>
+<li>Customize <xref href="rsecbasictools.dita"/> if you need to run
+<ph conref="../conrefs.dita#prod/productshortname"></ph> tools locally
+on the same machine as your databases.</li>
+</ul>
+
+<p>To customize these files, make the following edits:</p>
 <ul>
 <li><b>URLs</b>: Replace the <codeph>${derby.install.url}</codeph> variables
 with a URL pointing to the directory that holds the
 <ph conref="../conrefs.dita#prod/productshortname"></ph> jar files. For example:
-<codeblock>file:///Users/me/javadb/lib/</codeblock></li>
+<codeblock>file:///Users/me/javadb/lib/</codeblock> Alternatively, you
+can set the <codeph>${derby.install.url}</codeph> system property
+(via a -D flag) when you boot the JVM.</li>
 <li><b>System home</b>: Look for instances of the string
 <codeph>${derby.system.home}</codeph>. Replace them with the name of the
-directory that holds your <codeph>derby.properties</codeph> file.</li>
+directory that holds your <codeph>derby.properties</codeph> file. Again, you
+can also set this system property when you boot the JVM.</li>
 <li><b>Tracing</b>: Grant
 <ph conref="../conrefs.dita#prod/productshortname"></ph> the power to manage a
 directory tree that will hold server trace information. Look for the
@@ -72,44 +83,16 @@ directory tree that will hold server tra
 directory where the server should write its diagnostic traces. For more
 information on <ph conref="../conrefs.dita#prod/productshortname"></ph> tracing,
 see "Controlling tracing by using the trace facility" in the
-<ph conref="../conrefs.dita#pub/citadmin"></ph>.</li>
-<li><b>Backups/imports/jars</b>: Look for the first instance of the string
-<codeph>&lt;&lt;ALL FILES>></codeph>. Note that this line is just a comment,
-as it is not safe to use the <codeph>&lt;&lt;ALL FILES>></codeph> syntax in
-a production deployment of the
-<ph conref="../conrefs.dita#prod/productshortname"></ph>
-Network Server. In order to specify these file locations, you will need
-to uncomment this line and then proceed as follows.
- Make two more copies of this line so that
-there are three copies of this line in the file. On the first line, replace
-<codeph>&lt;&lt;ALL FILES>></codeph> with the directory tree that you will use
-for holding database backups. For example:
-<codeblock>/Users/me/backups</codeblock>
-<p>Similarly, on the second line, replace <codeph>&lt;&lt;ALL FILES>></codeph>
-with the directory tree which you will use for staging imported/exported data.
-On the third line, replace <codeph>&lt;&lt;ALL FILES>></codeph> with the
-directory tree that holds the jar files of functions and procedures that you
-will load into databases. For the detailed syntax of these lines, see the
-API documentation for <codeph>java.io.FilePermission</codeph>.</p></li>
-<li><b>Sysinfo</b>: The <codeph>sysinfo</codeph> logic appears redundantly in
-several <ph conref="../conrefs.dita#prod/productshortname"></ph> jar files:
-<codeblock>derby.jar
-derbynet.jar
-derbyclient.jar
-derbytools.jar</codeblock>
-<p>If you want to run the <codeph>sysinfo</codeph> command, you will need to
-grant permissions to the first of these jar files that appears in your
-classpath.</p>
-<p><note>If you are running
-<ph conref="../conrefs.dita#prod/productshortname"></ph> by using the command
-<codeph>java -jar derbyrun.jar</codeph>, the first relevant jar file in the
-classpath is <codeph>derby.jar</codeph>. The template policy file grants these
-permissions to <codeph>derbynet.jar</codeph>. Note that the template policy file
-does not grant <codeph>sysinfo</codeph> the privilege to read any files
-in the system, as the permission line in the template is commented out.
-You can remove the comment markers, but you should restrict this permission
-to just the directory that contains the jar files wired
-into your classpath.</note></p></li>
+<ph conref="../conrefs.dita#pub/citadmin"></ph>. Again, you can also set
+this system property when you boot the JVM.</li>
+<li><b>Backups/imports/jars</b>: Look for the commented-out permissions
+related to backup/restore, import/export, and jar file loading.
+If needed, uncomment these permissions, replacing the directory references
+with secure locations in your local file system, preferably locations
+which are owned by the database owner or the user who booted the JVM.</li>
+<li><b>Sysinfo</b>: When customizing the template tools policy,
+you should replace <codeph>&lt;&lt;ALL FILES>></codeph> with the directories which
+hold the jar files which appear on your modulepath or classpath.</li>
 <li><b>Sockets</b>: The template policy file accepts connection requests from
 all hosts. You may want to restrict the template file's
 <codeph>java.net.SocketPermission</codeph> to connections from a particular

Added: db/derby/docs/trunk/src/security/rsecbasicclient.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/rsecbasicclient.dita?rev=1845659&view=auto
==============================================================================
--- db/derby/docs/trunk/src/security/rsecbasicclient.dita (added)
+++ db/derby/docs/trunk/src/security/rsecbasicclient.dita Sat Nov  3 13:34:55 2018
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+
+-->
+<!--
+
+    DO NOT EDIT THIS FILE! THIS FILE IS GENERATED BY SecurityPolicyGenerator
+    FROM POLICY DESCRIPTORS IN securityPolicy.xml.
+
+-->
+
+<reference id="rsecbasicclient" xml:lang="en-us">
+    <title>Basic client security policy template</title>
+    <shortdesc>Customize this policy if you run a client-side application, which connects to a Derby server across a network.</shortdesc>
+    <prolog>
+        <metadata>
+            <keywords>
+                <indexterm>
+                    Network Server
+                    <indexterm>basic policy</indexterm>
+                </indexterm>
+            </keywords>
+        </metadata>
+    </prolog>
+    <refbody>
+        <section>
+            <p>This policy grants essential permissions to the client and shared modules.</p>
+            <codeblock>
+grant codeBase "${derby.install.url}derbyshared.jar"
+{
+  // Needed to determine whether the JVM was booted with a module path.
+  permission java.util.PropertyPermission "jdk.module.path", "read";
+
+  // Need in order to read message localizations from other derby jars
+  // when running with a module path.
+  permission java.io.FilePermission "${derby.install.path}${/}-", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+};
+
+grant codeBase "${derby.install.url}derbyclient.jar"
+{
+  // Modify this to be the server host instead of localhost.
+  permission java.net.SocketPermission "localhost", "connect,resolve";
+
+  // DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order to
+  // do tracing in that directory. Also, it needs read/write permissions in user.dir in order
+  // to create the trace files in that directory.
+  permission java.util.PropertyPermission "user.dir", "read";
+  permission java.io.FilePermission "${user.dir}${/}-", "read,write";
+
+  // DERBY-1883: Since some classes that are included in both derby.jar and
+  // derbyclient.jar read properties, derbyclient.jar needs permission to read
+  // derby.* properties to avoid failures when it is listed before derby.jar in
+  // the classpath.
+  permission java.util.PropertyPermission "derby.*", "read";
+
+  // The following permission must be granted for Connection.abort(Executor) to work.
+  // Note that this permission must also be granted to outer (application) code domains.
+  permission java.sql.SQLPermission "callAbort";
+
+};
+
+
+            </codeblock>
+        </section>
+    </refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/security/rsecbasicclient.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/security/rsecbasicengine.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/rsecbasicengine.dita?rev=1845659&view=auto
==============================================================================
--- db/derby/docs/trunk/src/security/rsecbasicengine.dita (added)
+++ db/derby/docs/trunk/src/security/rsecbasicengine.dita Sat Nov  3 13:34:55 2018
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+
+-->
+<!--
+
+    DO NOT EDIT THIS FILE! THIS FILE IS GENERATED BY SecurityPolicyGenerator
+    FROM POLICY DESCRIPTORS IN securityPolicy.xml.
+
+-->
+
+<reference id="rsecbasicengine" xml:lang="en-us">
+    <title>Basic engine security policy template</title>
+    <shortdesc>Customize this policy if your application embeds the Derby engine, running Derby and application code in a single JVM process.</shortdesc>
+    <prolog>
+        <metadata>
+            <keywords>
+                <indexterm>
+                    Embedded Engine
+                    <indexterm>basic policy</indexterm>
+                </indexterm>
+            </keywords>
+        </metadata>
+    </prolog>
+    <refbody>
+        <section>
+            <p>The embedded engine policy grants essential permissions to the engine and shared modules.</p>
+            <codeblock>
+grant codeBase "${derby.install.url}derbyshared.jar"
+{
+  // Needed to determine whether the JVM was booted with a module path.
+  permission java.util.PropertyPermission "jdk.module.path", "read";
+
+  // Need in order to read message localizations from other derby jars
+  // when running with a module path.
+  permission java.io.FilePermission "${derby.install.path}${/}-", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+};
+
+grant codeBase "${derby.install.url}derby.jar"
+{
+  // These permissions are needed for everyday, embedded Derby usage.
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "user.dir", "read";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+  permission java.io.FilePermission "${derby.system.home}","read,write";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write,delete";
+
+  // Properties needed to determine if the VM is 32 or 64 bit.
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+  // Permissions needed for JMX based management and monitoring.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent Specification.
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the MBean server.
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Optional permission needed for printing classpath information to derby.log.
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // The following permission must be granted for Connection.abort(Executor) to work.
+  // Note that this permission must also be granted to outer (application) code domains.
+  permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner.
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+  // Needed to create a temp file in order to open a database in a jar file.
+  // permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"
+
+  // Customize the following permission in order to backup and restore
+  // Derby databases to/from a secure branch of your file system,
+  // preferably one owned by the database owner or the user who booted the JVM:
+  // permission java.io.FilePermission "/Users/me/backups/-", "read,write"
+
+  // Customize the following permission in order to export and import
+  // tables to/from a secure branch of your file system,
+  // preferably one owned by the database owner or the user who booted the JVM:
+  // permission java.io.FilePermission "/Users/me/imports/-", "read,write"
+
+  // Customize the following permission in order to load
+  // jar files which contain user-written types, aggregates, functions, and procedures.
+  // Those jar files should live in a secure branch of your file system,
+  // preferably one owned by the database owner or the user who booted the JVM:
+  // permission java.io.FilePermission "/Users/me/myJars/-", "read"
+
+  // This permission lets a DBA reload the policy file while the server
+  // is still running. The policy file is reloaded by invoking
+  // the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure:
+  // permission java.security.SecurityPermission "getPolicy"
+
+  // This permission is needed to call DriverManager.deregisterDriver()
+  // and unload the Derby classes:
+  // permission java.sql.SQLPermission "deregisterDriver"
+
+};
+
+
+            </codeblock>
+        </section>
+    </refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/security/rsecbasicengine.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/security/rsecbasicserver.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/rsecbasicserver.dita?rev=1845659&view=auto
==============================================================================
--- db/derby/docs/trunk/src/security/rsecbasicserver.dita (added)
+++ db/derby/docs/trunk/src/security/rsecbasicserver.dita Sat Nov  3 13:34:55 2018
@@ -0,0 +1,199 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+
+-->
+<!--
+
+    DO NOT EDIT THIS FILE! THIS FILE IS GENERATED BY SecurityPolicyGenerator
+    FROM POLICY DESCRIPTORS IN securityPolicy.xml.
+
+-->
+
+<reference id="rsecbasicserver" xml:lang="en-us">
+    <title>Basic server security policy template</title>
+    <shortdesc>Customize this policy if you run a Derby server, either standalone or embedded inside your application.</shortdesc>
+    <prolog>
+        <metadata>
+            <keywords>
+                <indexterm>
+                    Network Server
+                    <indexterm>basic policy</indexterm>
+                </indexterm>
+            </keywords>
+        </metadata>
+    </prolog>
+    <refbody>
+        <section>
+            <p>This policy grants essential permissions to the server, tools, engine, and shared modules.</p>
+            <codeblock>
+grant codeBase "${derby.install.url}derbyshared.jar"
+{
+  // Needed to determine whether the JVM was booted with a module path.
+  permission java.util.PropertyPermission "jdk.module.path", "read";
+
+  // Need in order to read message localizations from other derby jars
+  // when running with a module path.
+  permission java.io.FilePermission "${derby.install.path}${/}-", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+};
+
+grant codeBase "${derby.install.url}derby.jar"
+{
+  // These permissions are needed for everyday, embedded Derby usage.
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "user.dir", "read";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+  permission java.io.FilePermission "${derby.system.home}","read,write";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write,delete";
+
+  // Properties needed to determine if the VM is 32 or 64 bit.
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+  // Permissions needed for JMX based management and monitoring.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent Specification.
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the MBean server.
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Optional permission needed for printing classpath information to derby.log.
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // The following permission must be granted for Connection.abort(Executor) to work.
+  // Note that this permission must also be granted to outer (application) code domains.
+  permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner.
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+  // Needed to create a temp file in order to open a database in a jar file.
+  // permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"
+
+  // Customize the following permission in order to backup and restore
+  // Derby databases to/from a secure branch of your file system,
+  // preferably one owned by the database owner or the user who booted the JVM:
+  // permission java.io.FilePermission "/Users/me/backups/-", "read,write"
+
+  // Customize the following permission in order to export and import
+  // tables to/from a secure branch of your file system,
+  // preferably one owned by the database owner or the user who booted the JVM:
+  // permission java.io.FilePermission "/Users/me/imports/-", "read,write"
+
+  // Customize the following permission in order to load
+  // jar files which contain user-written types, aggregates, functions, and procedures.
+  // Those jar files should live in a secure branch of your file system,
+  // preferably one owned by the database owner or the user who booted the JVM:
+  // permission java.io.FilePermission "/Users/me/myJars/-", "read"
+
+  // This permission lets a DBA reload the policy file while the server
+  // is still running. The policy file is reloaded by invoking
+  // the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure:
+  // permission java.security.SecurityPermission "getPolicy"
+
+  // This permission is needed to call DriverManager.deregisterDriver()
+  // and unload the Derby classes:
+  // permission java.sql.SQLPermission "deregisterDriver"
+
+};
+
+grant codeBase "${derby.install.url}derbytools.jar"
+{
+  // Access all properties using System.getProperties -
+  // ij enumerates the properties in order to open connections
+  // for any property set in ij.connection.* and set protocols
+  // for any property in ij.protocol.*
+  permission java.util.PropertyPermission "*", "read,write";
+
+  // Needed by sysinfo. The file permission is needed to check the existence
+  // of jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files.
+  permission java.util.PropertyPermission "user.*", "read";
+  permission java.util.PropertyPermission "java.home", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+  permission java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read";
+
+};
+
+grant codeBase "${derby.install.url}derbynet.jar"
+{
+  // Needed by FileUtil#limitAccessToOwner.
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read,write";
+
+  // Needed for NetworkServerMBean access.
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+
+  // Accept connections from any host. Derby is listening to the host interface
+  // specified via the -h command line option to "NetworkServerControl start",
+  // via the address parameter to the org.apache.derby.drda.NetworkServerControl
+  // constructor in the API, or via the property derby.drda.host.
+  // The default is localhost.  You may want to restrict allowed hosts,
+  // e.g. to hosts in a specific subdomain like "*.example.com".
+  permission java.net.SocketPermission "*", "accept";
+
+  // Allow the server to listen to the socket on the port specified with the
+  // -p option to "NetworkServerControl start" on the command line, or with
+  // the portNumber parameter to the NetworkServerControl constructor in the
+  // API, or with the property derby.drda.portNumber. The default is 1527.
+  permission java.net.SocketPermission "localhost:${derby.security.port}", "listen";
+
+  // Needed for server tracing.
+  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+
+};
+
+
+            </codeblock>
+        </section>
+    </refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/security/rsecbasicserver.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/docs/trunk/src/security/rsecbasictools.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/rsecbasictools.dita?rev=1845659&view=auto
==============================================================================
--- db/derby/docs/trunk/src/security/rsecbasictools.dita (added)
+++ db/derby/docs/trunk/src/security/rsecbasictools.dita Sat Nov  3 13:34:55 2018
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
+ "../dtd/reference.dtd">
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at      
+
+http://www.apache.org/licenses/LICENSE-2.0  
+
+Unless required by applicable law or agreed to in writing, software  
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
+See the License for the specific language governing permissions and  
+limitations under the License.
+
+-->
+<!--
+
+    DO NOT EDIT THIS FILE! THIS FILE IS GENERATED BY SecurityPolicyGenerator
+    FROM POLICY DESCRIPTORS IN securityPolicy.xml.
+
+-->
+
+<reference id="rsecbasictools" xml:lang="en-us">
+    <title>Basic tools security policy template</title>
+    <shortdesc>Customize this policy if you run Derby tools against an embedded Derby engine.</shortdesc>
+    <prolog>
+        <metadata>
+            <keywords>
+                <indexterm>
+                    Network Server
+                    <indexterm>basic policy</indexterm>
+                </indexterm>
+            </keywords>
+        </metadata>
+    </prolog>
+    <refbody>
+        <section>
+            <p>This policy grants essential permissions to the tools, engine, and shared modules.</p>
+            <codeblock>
+grant codeBase "${derby.install.url}derbyshared.jar"
+{
+  // Needed to determine whether the JVM was booted with a module path.
+  permission java.util.PropertyPermission "jdk.module.path", "read";
+
+  // Need in order to read message localizations from other derby jars
+  // when running with a module path.
+  permission java.io.FilePermission "${derby.install.path}${/}-", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+};
+
+grant codeBase "${derby.install.url}derby.jar"
+{
+  // These permissions are needed for everyday, embedded Derby usage.
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "user.dir", "read";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+  permission java.io.FilePermission "${derby.system.home}","read,write";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write,delete";
+
+  // Properties needed to determine if the VM is 32 or 64 bit.
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+  // Permissions needed for JMX based management and monitoring.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent Specification.
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the MBean server.
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Optional permission needed for printing classpath information to derby.log.
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // The following permission must be granted for Connection.abort(Executor) to work.
+  // Note that this permission must also be granted to outer (application) code domains.
+  permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner.
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+};
+
+grant codeBase "${derby.install.url}derbytools.jar"
+{
+  // Access all properties using System.getProperties -
+  // ij enumerates the properties in order to open connections
+  // for any property set in ij.connection.* and set protocols
+  // for any property in ij.protocol.*
+  permission java.util.PropertyPermission "*", "read,write";
+
+  // Needed by sysinfo. The file permission is needed to check the existence
+  // of jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files.
+  permission java.util.PropertyPermission "user.*", "read";
+  permission java.util.PropertyPermission "java.home", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+  permission java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read";
+
+};
+
+
+            </codeblock>
+        </section>
+    </refbody>
+</reference>

Propchange: db/derby/docs/trunk/src/security/rsecbasictools.dita
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/docs/trunk/src/security/rsecpolicysample.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/rsecpolicysample.dita?rev=1845659&r1=1845658&r2=1845659&view=diff
==============================================================================
--- db/derby/docs/trunk/src/security/rsecpolicysample.dita (original)
+++ db/derby/docs/trunk/src/security/rsecpolicysample.dita Sat Nov  3 13:34:55 2018
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
- 
 <!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
  "../dtd/reference.dtd">
-<!-- 
+
+<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
@@ -17,168 +17,170 @@ distributed under the License is distrib
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  
 See the License for the specific language governing permissions and  
 limitations under the License.
+
+-->
+<!--
+
+    DO NOT EDIT THIS FILE! THIS FILE IS GENERATED BY SecurityPolicyGenerator
+    FROM POLICY DESCRIPTORS IN securityPolicy.xml.
+
 -->
+
 <reference id="rsecpolicysample" xml:lang="en-us">
-<title>Sample customized Java security policy file</title>
-<shortdesc>Here is a sample customized Java security policy file.</shortdesc>
-<prolog><metadata>
-<keywords>
-<indexterm>Java security<indexterm>policy file sample</indexterm></indexterm>
-</keywords>
-</metadata></prolog>
-<refbody>
-<section>
-<codeblock>grant codeBase "file:///Users/me/javadb/lib/derby.jar"
+    <title>Sample customized Java security policy file</title>
+    <shortdesc>Here is a sample customized Java security policy file.</shortdesc>
+    <prolog>
+        <metadata>
+            <keywords>
+                <indexterm>
+                    Network Server
+                    <indexterm>basic policy</indexterm>
+                </indexterm>
+            </keywords>
+        </metadata>
+    </prolog>
+    <refbody>
+        <section>
+            <p>This example configures a server's permissions to allow network access and to allow backup/restore, import/export, and the loading of user-written code:</p>
+            <codeblock>
+grant codeBase "file:///Users/me/javadb/lib/derbyshared.jar"
+{
+  // Needed to determine whether the JVM was booted with a module path.
+  permission java.util.PropertyPermission "jdk.module.path", "read";
+
+  // Need in order to read message localizations from other derby jars
+  // when running with a module path.
+  permission java.io.FilePermission "${derby.install.path}${/}-", "read";
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+};
+
+grant codeBase "file:///Users/me/javadb/lib/derby.jar"
 {
-  //
   // These permissions are needed for everyday, embedded Derby usage.
-  //
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.util.PropertyPermission "user.dir", "read";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
-  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
-  // The next two properties are used to determine if the VM is 32-bit
-  // or 64-bit.
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+  permission java.io.FilePermission "${derby.system.home}","read,write";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write,delete";
+
+  // Properties needed to determine if the VM is 32 or 64 bit.
   permission java.util.PropertyPermission "sun.arch.data.model", "read";
   permission java.util.PropertyPermission "os.arch", "read";
-  permission java.io.FilePermission "/Users/me/derby/dummy","read";
-  permission java.io.FilePermission "/Users/me/derby/dummy${/}-", 
-      "read,write,delete";
-
-  //
-  // This permission lets a DBA reload the policy file while the server
-  // is still running. The policy file is reloaded by invoking the
-  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
-  //
-  permission java.security.SecurityPermission "getPolicy";
-
-  //
-  // This permission lets you back up and restore databases
-  // to and from arbitrary locations in your file system.
-  //
-  // This permission also lets you import/export data to and from
-  // arbitrary locations in your file system.
-  //
-  // You may want to restrict this access to specific directories.
-  //
-  permission java.io.FilePermission "/Users/me/derby/dummy/backups/-", 
-      "read,write,delete";
-  // imports/exports
-  permission java.io.FilePermission "/Users/me/derby/dummy/imports/-",
-      "read,write,delete";
-  // jar files of user-written functions and procedures
-  permission java.io.FilePermission "/Users/me/derby/dummy/jars/-",
-      "read,write,delete";
-
-  //
-  // Permissions needed for JMX based management and monitoring, which is
-  // available only for JVMs that support "platform management", that is,
-  // Java SE 5.0 or above.
-  //
-  // Allows this code to create an MBeanServer:
-  //
+
+  // Gives permission for JMX to be used against Derby
+  // but only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";
+
+  // Permissions needed for JMX based management and monitoring.
   permission javax.management.MBeanServerPermission "createMBeanServer";
-  //
+
   // Allows access to Derby's built-in MBeans, within the domain
-  // org.apache.derby. Derby must be allowed to register and unregister
-  // these MBeans. It is possible to allow access only to specific
-  // MBeans,   // attributes, or operations. To fine-tune this
-  // permission, see the API documentation of
-  // javax.management.MBeanPermission or the JMX Instrumentation and
-  // Agent Specification. 
-  //
-  permission javax.management.MBeanPermission 
-      "org.apache.derby.*#[org.apache.derby:*]",
-      "registerMBean,unregisterMBean";
-  //
-  // Trusts Derby code to be a source of MBeans and to register these in
-  // the MBean server.
-  //
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent Specification.
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the MBean server.
   permission javax.management.MBeanTrustPermission "register";
 
-  // getProtectionDomain is an optional permission needed for printing
-  // classpath information to derby.log.
+  // Optional permission needed for printing classpath information to derby.log.
   permission java.lang.RuntimePermission "getProtectionDomain";
 
-  //
-  // The following permission must be granted for
-  // Connection.abort(Executor) to work. Note that this permission must
-  // also be granted to outer (application) code domains.
-  //
+  // The following permission must be granted for Connection.abort(Executor) to work.
+  // Note that this permission must also be granted to outer (application) code domains.
   permission java.sql.SQLPermission "callAbort";
 
-  // Needed by file permissions restriction system.
+  // Needed by FileUtil#limitAccessToOwner.
   permission java.lang.RuntimePermission "accessUserInformation";
   permission java.lang.RuntimePermission "getFileStoreAttributes";
 
-  // This permission is needed to connect to the LDAP server in order
-  // to authenticate users.
-  // permission java.net.SocketPermission "127.0.0.1:1389", 
-  //    "accept,connect,resolve";
+  // Support backup/restore to/from a secure branch of the file system
+  // owned by the user who booted the JVM:
+  permission java.io.FilePermission "/Users/me/derby/dummy/backups/-", "read,write,delete";
+
+  // Support export/import of tables to/from a secure branch of the file system
+  // owned by the user who booted the JVM:
+  permission java.io.FilePermission "/Users/me/derby/dummy/imports/-", "read,write,delete";
+
+  // Support loading of jar files which contain user-written types,
+  // aggregates, functions, and procedures when those jar files live
+  // in a secure branch of the file system owned by the the user who booted the JVM:
+  permission java.io.FilePermission /Users/me/derby/dummy/jars/-", "read";
+
 };
 
-grant codeBase "file:///Users/me/javadb/lib/derbynet.jar"
+grant codeBase "file:///Users/me/javadb/lib/derbytools.jar"
 {
-  //
-  // This permission lets the Network Server manage connections from
-  // clients.
-  //
-
-  // Accept connections from any host. Derby is listening to the host
-  // interface specified via the -h option to "NetworkServerControl
-  // start" on the command line, via the address parameter to the
-  // org.apache.derby.drda.NetworkServerControl constructor in the API
-  // or via the property derby.drda.host; the default is localhost.
-  // You may want to restrict allowed hosts, e.g. to hosts in a specific
-  // subdomain, e.g. "*.example.com".
-  permission java.net.SocketPermission "localhost:0-", "accept";
-
-  //
-  // Needed for server tracing.
-  //
-  permission java.io.FilePermission "/Users/me/derby/dummy/traces${/}-", 
-      "read,write,delete";
-
-  // Needed by file permissions restriction system.
-  permission java.lang.RuntimePermission "accessUserInformation";
-  permission java.lang.RuntimePermission "getFileStoreAttributes";
-  permission java.util.PropertyPermission 
-      "derby.__serverStartedFromCmdLine", "read, write";
-
-  // JMX: Needed to boot MBeans
-  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
-  // JMX: Uncomment this permission to allow the ping operation of the 
-  //      NetworkServerMBean to connect to the Network Server.
-  //permission java.net.SocketPermission "*", "connect,resolve";
-
-  //
-  // Needed by sysinfo. The file permission is needed to check the
-  // existence of jars on the classpath. You can limit this permission to
-  // just the locations that hold your jar files.
-  //
-  // In this template file, this block of permissions is granted to
-  // derbynet.jar under the assumption that derbynet.jar is the first jar
-  // file in your classpath that contains the sysinfo classes. If that is
-  // not the case, then you will want to grant this block of permissions
-  // to the first jar file in your classpath that contains the sysinfo
-  // classes. Those classes are bundled into the following Derby jar
-  // files:
-  //
-  //    derbynet.jar
-  //    derby.jar
-  //    derbyclient.jar
-  //    derbytools.jar
-  //
+  // Access all properties using System.getProperties -
+  // ij enumerates the properties in order to open connections
+  // for any property set in ij.connection.* and set protocols
+  // for any property in ij.protocol.*
+  permission java.util.PropertyPermission "*", "read,write";
+
+  // Needed by sysinfo. The file permission is needed to check the existence
+  // of jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files.
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";
   permission java.util.PropertyPermission "java.runtime.version", "read";
   permission java.util.PropertyPermission "java.fullversion", "read";
   permission java.lang.RuntimePermission "getProtectionDomain";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+
   permission java.io.FilePermission "/Users/me/javadb/lib/-", "read";
-};</codeblock>
-</section>
-</refbody>
+
+};
+
+grant codeBase "file:///Users/me/javadb/lib/derbynet.jar"
+{
+  // Needed by FileUtil#limitAccessToOwner.
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read,write";
+
+  // Needed for NetworkServerMBean access.
+  permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
+  permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
+
+  // Accept connections from any host. Derby is listening to the host interface
+  // specified via the -h command line option to "NetworkServerControl start",
+  // via the address parameter to the org.apache.derby.drda.NetworkServerControl
+  // constructor in the API, or via the property derby.drda.host.
+  // The default is localhost.  You may want to restrict allowed hosts,
+  // e.g. to hosts in a specific subdomain like "*.example.com".
+  permission java.net.SocketPermission "localhost:0-", "accept";
+
+  // Allow the server to listen to the socket on the port specified with the
+  // -p option to "NetworkServerControl start" on the command line, or with
+  // the portNumber parameter to the NetworkServerControl constructor in the
+  // API, or with the property derby.drda.portNumber. The default is 1527.
+  permission java.net.SocketPermission "localhost:1527", "listen";
+
+  // Support the writing of traces into a branch of the file system
+  // owned by the user who booted the JVM:
+  permission java.io.FilePermission "Users/me/derby/dummy/traces${/}-", "read,write,delete";
+
+};
+
+
+            </codeblock>
+        </section>
+    </refbody>
 </reference>

Modified: db/derby/docs/trunk/src/security/secderby.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/security/secderby.ditamap?rev=1845659&r1=1845658&r2=1845659&view=diff
==============================================================================
--- db/derby/docs/trunk/src/security/secderby.ditamap (original)
+++ db/derby/docs/trunk/src/security/secderby.ditamap Sat Nov  3 13:34:55 2018
@@ -135,7 +135,10 @@
 </topicref>
 </topicref>
 <topicref collection-type="family" href="csecjavasecurity.dita" navtitle="Configuring Java security">
-<topicref href="rsecnetservbasic.dita" navtitle="Basic Java security policy file"/>
+<topicref href="rsecbasicengine.dita" navtitle="Basic engine security policy template"/>
+<topicref href="rsecbasicserver.dita" navtitle="Basic server security policy template"/>
+<topicref href="rsecbasicclient.dita" navtitle="Basic client security policy template"/>
+<topicref href="rsecbasictools.dita" navtitle="Basic tools security policy template"/>
 <topicref href="rsecpolicysample.dita" navtitle="Sample customized Java security policy file"/>
 <topicref href="csecrunpolicy.dita" navtitle="Using a Java security policy file"/>
 <topicref href="csecembeddedperms.dita" navtitle="Running embedded Derby with a security manager"/>



Mime
View raw message