db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: [jira] Commented: (DERBY-891) derby_tests.policy file contains references to csinfo and db2j - should get cleaned up
Date Thu, 02 Feb 2006 15:18:17 GMT
Myrna van Lunteren wrote:

> I had run derbyall (as I reported) with sane jars (and classes). All passed.
>  
> For derbynet.jar, used only on the server machine, the permissions need
> to be granted to the client machine. For derbyclient.jar, used only on
> the client machine, the permissions need to be granted to the server
> machine.

The derbynet.jar is also (can be) used on the client to perform ping's
etc. That's why the connect permission (I thought) was needed for the
server machine. Though it could be currently no tests are using that in
remote mode.

> At least, that seemed to work and it made sense to me.
> (Just for checks, I made sure the remote server testing works with the
> server started with sane and insane jars and this policy file. I need
> more changes in the tests in a follow-up patch to fully test the remote
> server stuff - that will be with DERBY-871; which is on hold waiting for
> this one).

Hmmm, very strange. I would have thought that in remote mode the server
needed accept permission on the real hostname, not just on 127.0.0.1 or
localhost which is all that would be left after this patch.

I think the policy file could do with further cleanup, separate to the
this patch, related to the socket permissions. It is probably possible
to remove the localhost and 127.0.0.1 related permissions and rely only
on the permissions granted through derbyTesting.{server,client}host names.

Possibly the best way forward is to limit this patch to the DERBY-891's
description, renaming properties. Then clean up the granted socket
permissions in a separate jira item. Keeping distinct issues separated
is always good.

Thanks,
Dan.


Mime
View raw message