Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 48780 invoked from network); 9 Aug 2006 17:28:04 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 9 Aug 2006 17:28:04 -0000 Received: (qmail 39301 invoked by uid 500); 9 Aug 2006 17:28:03 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 39265 invoked by uid 500); 9 Aug 2006 17:28:03 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 39256 invoked by uid 99); 9 Aug 2006 17:28:03 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Aug 2006 10:28:03 -0700 X-ASF-Spam-Status: No, hits=1.9 required=10.0 tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [32.97.182.144] (HELO e4.ny.us.ibm.com) (32.97.182.144) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Aug 2006 10:28:02 -0700 Received: from d03relay04.boulder.ibm.com (d03relay04.boulder.ibm.com [9.17.195.106]) by e4.ny.us.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id k79HRdk3026245 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Wed, 9 Aug 2006 13:27:41 -0400 Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167]) by d03relay04.boulder.ibm.com (8.13.6/NCO/VER7.0) with ESMTP id k79HPSkn070716 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 9 Aug 2006 11:25:28 -0600 Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id k79HPSYs014842 for ; Wed, 9 Aug 2006 11:25:28 -0600 Received: from [127.0.0.1] (MARSDEN-IBM-LT1.usca.ibm.com [9.72.134.59]) by d03av01.boulder.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id k79HPPDN014706 for ; Wed, 9 Aug 2006 11:25:28 -0600 Message-ID: <44DA1A81.3030102@sbcglobal.net> Date: Wed, 09 Aug 2006 10:25:21 -0700 From: Kathey Marsden Reply-To: kmarsdenderby@sbcglobal.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: derby-dev@db.apache.org Subject: Re: Security Manager Testing coverage if user code does not have access to the database directory References: <44D9EB37.6020503@sbcglobal.net> <44D9F48F.2020600@apache.org> <44D9FBC2.9030805@sbcglobal.net> <44DA0793.5060709@apache.org> In-Reply-To: <44DA0793.5060709@apache.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Daniel John Debrunner wrote: > someone (I >think you) had already prepared it by running the network server under >the security manager. > > > You know since you brought this up, I have an ancient history question for you. I did put that in many years ago. At the time I thought network server offered a good framework for testing under security manager because we could start the server with restricted permissions and then get some security manager coverage for Derby embedded through Network Server. As you started working on bringing embedded on-line and getting the specific jar permissions separated, you had indicated that really the old network server testing didn't add much in terms of coverage, but I was always very confused by that, because looking back at the policy file, I see that permissions were restricted on the server side and I do recall the effort popping several bugs. Still, I think I must have a core misunderstanding of security manager and wonder if you might be willing to elaborate your assessment for my edification. Thanks Kathey