db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2196) Run standalone network server with security manager by default
Date Tue, 06 Feb 2007 21:52:06 GMT

[ https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12470750 ]

Daniel John Debrunner commented on DERBY-2196:
----------------------------------------------

I think the two properties in rev 6 {derby.derby.jar and derby.derbynet.jar} are overkill.
I think a single property that is the location of the derby jar files is sufficient and will
be clearer to readers of the template policy.

If someone is repackaging Derby and is copying and modifying the template file then they are
unlikely to use ${derby.derby.jar} to refer to their own application jar file that includes
Derby.

I also believe that anyone that does package the Derby classes in their own jars is not
really a concern for the Derby project. Derby's security is in part based upon its jar file
layout, due to such concepts as jar signing. It seems hard for the project to provide any
guarantees when the code is packaged by someone else.

I think the typical repackaging now is to include multiple jars and have the application's
jar file have a classpath manifest that refers to other jar files, such as derby.jar.

> Run standalone network server with security manager by default
> --------------------------------------------------------------
>
>                 Key: DERBY-2196
>                 URL: https://issues.apache.org/jira/browse/DERBY-2196
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server, Security
>            Reporter: Daniel John Debrunner
>         Assigned To: Rick Hillegas
>         Attachments: derby-2196-01-print-01.diff, derby-2196-01-print-02.diff, secureServer.html, secureServer.html, secureServer.html, secureServer.html, secureServer.html, secureServer.html
>
>
> From an e-mail discussion:
> ... Derby should match the security provided by typical client server systems such as DB2, Oracle, etc. I 
> think in this case system/database owners are trusting the database 
> system to ensure that their system cannot be attacked. So maybe if Derby 
> is booted as a standalone server with no security manager involved, it 
> should install one with a default security policy. Thus allowing Derby 
> to use Java security manager to manage system privileges but not 
> requiring everyone to become familiar with them.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/%3c4582FE67.7040308@apache.org%3e
> I imagine such a policy would allow any access to databases under derby.system.home and/or user.home.
> By standalone I mean the network server was started through the main() method (command line).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

