Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 87781 invoked from network); 6 Feb 2007 18:30:27 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Feb 2007 18:30:27 -0000 Received: (qmail 66185 invoked by uid 500); 6 Feb 2007 18:30:33 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 66102 invoked by uid 500); 6 Feb 2007 18:30:33 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 66093 invoked by uid 99); 6 Feb 2007 18:30:33 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Feb 2007 10:30:33 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Feb 2007 10:30:26 -0800 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id D4A5B7142A6 for ; Tue, 6 Feb 2007 10:30:05 -0800 (PST) Message-ID: <10038910.1170786605868.JavaMail.jira@brutus> Date: Tue, 6 Feb 2007 10:30:05 -0800 (PST) From: "Rick Hillegas (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-2196) Run standalone network server with security manager by default In-Reply-To: <4216116.1166553920991.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2196?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12470684 ] Rick Hillegas commented on DERBY-2196: -------------------------------------- Let me make sure I understand what you are proposing: 1) We ship the default policy file in a human-accessilbe location, say a "templates" directory parallel to bin, doc, and lib 2) We also bundle the default policy file inside derbynet.jar. 3) When the server comes up, it copies the default policy file out of derbynet.jar into ${user.dir} so that it is visible to the security machinery. > Run standalone network server with security manager by default > -------------------------------------------------------------- > > Key: DERBY-2196 > URL: https://issues.apache.org/jira/browse/DERBY-2196 > Project: Derby > Issue Type: Improvement > Components: Network Server, Security > Reporter: Daniel John Debrunner > Assigned To: Rick Hillegas > Attachments: derby-2196-01-print-01.diff, derby-2196-01-print-02.diff, secureServer.html, secureServer.html, secureServer.html, secureServer.html, secureServer.html > > > From an e-mail discussion: > ... Derby should match the security provided by typical client server systems such as DB2, Oracle, etc. I > think in this case system/database owners are trusting the database > system to ensure that their system cannot be attacked. So maybe if Derby > is booted as a standalone server with no security manager involved, it > should install one with a default security policy. Thus allowing Derby > to use Java security manager to manage system privileges but not > requiring everyone to become familiar with them. > http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/%3c4582FE67.7040308@apache.org%3e > I imagine such a policy would allow any access to databases under derby.system.home and/or user.home. > By standalone I mean the network server was started though the main() method (command line). -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.