db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: [jira] Created: (DERBY-1056) Print a security warning to derby.log and network server console if network server is started with -h 0.0.0.0 and security manager, user authentication, and ecrypted userid are not on
Date Sun, 26 Feb 2006 17:56:13 GMT
Kathey Marsden (JIRA) wrote:
> Print a security warning to derby.log and network server console if network server is
started with -h 0.0.0.0 and security manager, user authentication, and ecrypted userid are
not on
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

> 
> Even when started with the localhost default there can be security  issues  if the machine
itself is not secure.

Can you elaborate on this, or is it documented elsewhere?

A secure environment is always built upon layers, I don't see how
running a Derby network server listening on localhost can add security
risks to a non-secure machine.

Thanks,
Dan.


Mime
View raw message