db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kathey Marsden <kmarsdende...@sbcglobal.net>
Subject Re: Working with security policy
Date Mon, 23 Jan 2006 01:45:08 GMT
David W. Van Couvering wrote:

> When I was doing the classloader work, I had to grant permission to
> the Derby codebase to be able to do classloader-related work
> (createClassloader, accessClassInPackage.sun.reflect, getClassloader,
> getProtectionDomain).
> How do I know whether granting a certain permission is shadowing a
> "bug" versus the right thing to do?

I was a little confused by this question,  but I think in general, if
existing tests started needing new permissions, that would be a bug.

> I suspect what you want is as refined a policy as possible -- granting
> only the necessary permissions to the necessary jar file(s).
I agree

> Also, if I need to grant new permissions, as above, what documentation
> do I need to change.  Where is the "default policy file" that we ship
> to users (or does such a file not yet exist), as I would obviously
> need to modify this...  Is derby_tests.policy being used as a template
> for this?
We don't ship a default policy file but have samples in the
documentation.    It would be good to have security manager on and
sample policy files  used with the framework scripts, particularly for
network server.


View raw message