db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: SecurityManager incompatibility (was Re: 10.3 Concern: Need to make DBO restrictions [Derby-2264] optional at upgrade)
Date Wed, 30 May 2007 22:07:05 GMT
David Van Couvering wrote:
> I just did a perusal of the incompatibilities of 10.3.  My apologies
> for not looking sooner.   I would venture to guess that other users
> have been equally lazy - I think we generally expect the Derby team to
> "do the right thing" and not introduce incompatibilities between
> releases.  I really really think this discussion needs to be taken to
> derby-users.
>
> Anyway, the fact that user code may no longer run because all of a
> sudden the VM is running under a security manager concerns me.  Also,
> have you tested this in container environments where there is already
> a security manager installed?  How do these things interact?
If a security manager is already installed, then the server will boot 
regardless of whether authentication is on or off. The check for 
authentication happens only if the user neglects to install a security 
manager.

>
> But as much as it concerns me, it doesn't affect NetBeans, because we
> start the network server as a separate process.  *However*, the fact
> that a server won't start up without the -noSecurityManager option
> *does* have a direct impact on NetBeans.
>
> NetBeans has its own code to start up Derby within the tool:
>
>            NbProcessDescriptor desc = new NbProcessDescriptor(
>              java,
>              "-Dderby.system.home=\"" + getDerbySystemHome() + "\" " +
>              "-classpath \"" + getNetworkServerClasspath() + "\"" +
>              " org.apache.derby.drda.NetworkServerControl start"
>            );
>
> If I understand things correctly, the server will not start up under
> NetBeans using Derby 10.3 because authentication is turned off and the
> -noSecurityManager option is not provided.
>
> Also, if I understand things correctly, then when you upgrade to Derby
> 10.3 the *default* behavior is that the Network Server will *not*
> start up, because most users (in development anyway, which is where
> people will first experience Derby 10.3) will not have turned on user
> authentication.  I know it's turned off for NetBeans.
>
> it seems to me that if the user has not enabled user authentication,
> they should be able to run the Network Server without the security
> manager.  I can see two major usage modes:
>
> -> authentication turned on and security manager enabled
> -> authentication turned off and security manager disabled
>
> It seems to me we should support the first scenario.  If the user has
> authentication turned off, we can let the server start up with the
> following message:  "WARNING: user authentication is not enabled.
> You are now running in an insecure mode." And then turn off the
> security manager for the network server.
>
> This keeps things compatible but lets users know they're not in a
> secure mode.  If you keep seeing this in your server log every time
> you start up, you'll get the hint.
>
> Thanks,
>
> David
>
> On 5/30/07, Bernt M. Johnsen <Bernt.Johnsen@sun.com> wrote:
>> >>>>>>>>>>>> Rick Hillegas wrote (2007-05-30
06:26:08):
>> > Bernt M. Johnsen wrote:
>> > >>>>>>>>>>>>>Ståle Deraas wrote (2007-05-30
08:23:05):
>> > >>>>>>>>>>>>>
>> > >>Maybe the thread "Q: Should Derby 10.3 be Derby 11?" raised by 
>> Bernt is
>> > >>what people are thinking of......
>> > >>
>> > >
>> > >The thread is here:
>> > 
>> >http://www.nabble.com/Q:-Should-Derby-10.3-be-Derby-11--tf3260195.html
>> > >
>> > >
>> > I have reviewed this email thread. It is largely a discussion about 
>> how
>> > compatibility issues affect release names. It includes some discussion
>> > about the secure-server work (DERBY-2196). It does not have much to 
>> say
>> > about DERBY-2264.
>>
>> That's right. My question was raised based on the fact that my db
>> start script suddenly needed a -noSecurityManager switch in
>> 10.3. I.e. an incompatability.
>>
>> Stan is pointing at another incompatability, but in principle it's the
>> same kind of problem: 10.3 will not be compatible with 10.2.
>>
>> > The discussion motivated us to document the
>> > incompatibilities introduced by DERBY-2196 and DERBY-2264--we 
>> described
>> > those incompatibilities at the end of the 10.3 release page:
>> > http://wiki.apache.org/db-derby/DerbyTenThreeRelease
>>
>>
>>
>> >
>> > I don't see much discussion of DBO powers here.
>> >
>> > Regards,
>> > -Rick
>>
>> -- 
>> Bernt Marius Johnsen, Database Technology Group,
>> Staff Engineer, Technical Lead Derby/Java DB
>> Sun Microsystems, Trondheim, Norway
>>
>>


Mime
View raw message