db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2466) Allow dynamic reloading of the security policy file
Date Fri, 23 Mar 2007 19:19:32 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12483715
] 

Daniel John Debrunner commented on DERBY-2466:
----------------------------------------------

I think having the same policy file for a secure environment and a template is not a good
approach.

It leads to additional security analysis for the secure environment, e.g. in this case how
does the getPolicy permission affect security? If it isn't there, then there's no need to
worry about it.
It can lead to lower security for the secure environment if the entries only for template
purposes can somehow be abused.

It's not like there's a huge amount of effort in creating a different template file, the contents
are not that complex.

> Allow dynamic reloading of the security policy file
> ---------------------------------------------------
>
>                 Key: DERBY-2466
>                 URL: https://issues.apache.org/jira/browse/DERBY-2466
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Rick Hillegas
>         Assigned To: Rick Hillegas
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2466-01.diff
>
>
> The spec attached to DERBY-2109 describes how to allow the policy file to be dynamically
reloaded while a server is running: We add a getPolicy permission to the Basic policy and
we add a DBA-owned system procedure, SYSCS_UTIL.SYSCS_REFRESH_SECURITY_POLICY(), which reloads
the policy file. This JIRA tracks that work.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message