db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2196) Run standalone network server with security manager by default
Date Tue, 19 Dec 2006 18:45:20 GMT
Run standalone network server with security manager by default
--------------------------------------------------------------

                 Key: DERBY-2196
                 URL: http://issues.apache.org/jira/browse/DERBY-2196
             Project: Derby
          Issue Type: Improvement
          Components: Network Server, Security
            Reporter: Daniel John Debrunner


>From an e-mail discussion:
... Derby should match the security  provided by typical client server systems such as DB2,
Oracle, etc. I 
think in this case system/database owners are trusting the database 
system to ensure that their system cannot be attacked. So maybe if Derby 
is booted as a standalone server with no security manager involved, it 
should install one with a default security policy. Thus allowing Derby 
to use Java security manager to manage system privileges but not 
requiring everyone to become familiar with them.

http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/%3c4582FE67.7040308@apache.org%3e

I imagine such a policy would allow any access to databases under derby.system.home and/or
user.home.
By standalone I mean the network server was started though the main() method (command line).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message