db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2466) Allow dynamic reloading of the security policy file
Date Fri, 23 Mar 2007 18:25:32 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12483693
] 

Rick Hillegas commented on DERBY-2466:
--------------------------------------

Hi Dan,

In my mind, the Basic server policy has two purposes:

1) It captures the basic permissions needed to run the server under a security  manager.

2) It is the customizable template which users copy then edit in order to fit Derby into their
secure runtime environment.

I agree that the getPolicy() permission is not needed for the first purpose. However, it's
good to have it for the second purpose because it brings this issue to customer's attention:
they will need this permission if they want to change their customized policies on the fly.


> Allow dynamic reloading of the security policy file
> ---------------------------------------------------
>
>                 Key: DERBY-2466
>                 URL: https://issues.apache.org/jira/browse/DERBY-2466
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Rick Hillegas
>         Assigned To: Rick Hillegas
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2466-01.diff
>
>
> The spec attached to DERBY-2109 describes how to allow the policy file to be dynamically
reloaded while a server is running: We add a getPolicy permission to the Basic policy and
we add a DBA-owned system procedure, SYSCS_UTIL.SYSCS_REFRESH_SECURITY_POLICY(), which reloads
the policy file. This JIRA tracks that work.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message