db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-2196) Run standalone network server with security manager by default
Date Fri, 09 Feb 2007 15:27:05 GMT

     [ https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-2196:
---------------------------------

    Attachment: derby-2196-02-install-01.diff

Attaching next piece of this work: derby-2196-02-install-01.diff. This patch does the following:

1) Changes the network server so that it installs a security manager when the server is booted
as the VM's entry point. User authentication must be turned on.

2) Introduces a new startup option, "-unsecure" so that customers can opt out of this secure-by-default
scheme if they need to.

3) Adjusts unit tests to account for the new "unsecure" option and the requirement that user
authentication be turned on when you boot the server.

Touches the following files:

M      java/engine/org/apache/derby/iapi/reference/Property.java
M      java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
M      java/drda/org/apache/derby/drda/NetworkServerControl.java
M      java/drda/org/apache/derby/drda/server.policy
M      java/drda/org/apache/derby/loc/drda/messages_en.properties
M      java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/testProperties.java
M      java/testing/org/apache/derbyTesting/functionTests/master/testProperties.out
M      java/testing/org/apache/derbyTesting/functionTests/master/derbyrunjartest.out
M      java/testing/org/apache/derbyTesting/functionTests/master/timeslice.out
M      java/testing/org/apache/derbyTesting/functionTests/master/maxthreads.out


> Run standalone network server with security manager by default
> --------------------------------------------------------------
>
>                 Key: DERBY-2196
>                 URL: https://issues.apache.org/jira/browse/DERBY-2196
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server, Security
>            Reporter: Daniel John Debrunner
>         Assigned To: Rick Hillegas
>         Attachments: derby-2196-01-print-01.diff, derby-2196-01-print-02.diff, derby-2196-01-print-03.diff,
derby-2196-02-install-01.diff, secureServer.html, secureServer.html, secureServer.html, secureServer.html,
secureServer.html, secureServer.html
>
>
> From an e-mail discussion:
> ... Derby should match the security  provided by typical client server systems such as
DB2, Oracle, etc. I 
> think in this case system/database owners are trusting the database 
> system to ensure that their system cannot be attacked. So maybe if Derby 
> is booted as a standalone server with no security manager involved, it 
> should install one with a default security policy. Thus allowing Derby 
> to use Java security manager to manage system privileges but not 
> requiring everyone to become familiar with them.
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/%3c4582FE67.7040308@apache.org%3e
> I imagine such a policy would allow any access to databases under derby.system.home and/or
user.home.
> By standalone I mean the network server was started though the main() method (command
line).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message