db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-474) Improve Network Server security documentation
Date Fri, 09 Sep 2005 16:45:30 GMT
    [ http://issues.apache.org/jira/browse/DERBY-474?page=comments#action_12323057 ] 

Kathey Marsden commented on DERBY-474:
--------------------------------------

Documentation should also be updated to have an appropriate warning about using the bootPassword
attribute from a client. .  

Currently with Network Client embeded attributes are sent  as clear text to the server even
when encrypted user id and password are specified as the security mechanism.


> Improve Network Server security  documentation
> ----------------------------------------------
>
>          Key: DERBY-474
>          URL: http://issues.apache.org/jira/browse/DERBY-474
>      Project: Derby
>         Type: Improvement
>   Components: Documentation
>     Versions: 10.2.0.0
>     Reporter: Kathey Marsden

>
> The network server security documentation should document security manager permissions
needed separate from the example policy file.
> The example policy file should separate permissions by jar file.
> There should not be examples of starting network server with the -h 0.0.0.0 option without
using security manager.
> Risks of running outside of security manager and without user authentication  should
be documented.
> Discussion should be included about client encrypted user id password and associated
 limitations.
> The section should mention that there is no data stream encryption with network server.
> http://incubator.apache.org/derby/docs/adminguide/tadminnetservrun.html

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message