db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Van Couvering" <da...@vancouvering.com>
Subject SecurityManager incompatibility (was Re: 10.3 Concern: Need to make DBO restrictions [Derby-2264] optional at upgrade)
Date Wed, 30 May 2007 21:01:27 GMT
I just did a perusal of the incompatibilities of 10.3.  My apologies
for not looking sooner.   I would venture to guess that other users
have been equally lazy - I think we generally expect the Derby team to
"do the right thing" and not introduce incompatibilities between
releases.  I really really think this discussion needs to be taken to
derby-users.

Anyway, the fact that user code may no longer run because all of a
sudden the VM is running under a security manager concerns me.  Also,
have you tested this in container environments where there is already
a security manager installed?  How do these things interact?

But as much as it concerns me, it doesn't affect NetBeans, because we
start the network server as a separate process.  *However*, the fact
that a server won't start up without the -noSecurityManager option
*does* have a direct impact on NetBeans.

NetBeans has its own code to start up Derby within the tool:

            NbProcessDescriptor desc = new NbProcessDescriptor(
              java,
              "-Dderby.system.home=\"" + getDerbySystemHome() + "\" " +
              "-classpath \"" + getNetworkServerClasspath() + "\"" +
              " org.apache.derby.drda.NetworkServerControl start"
            );

If I understand things correctly, the server will not start up under
NetBeans using Derby 10.3 because authentication is turned off and the
-noSecurityManager option is not provided.

Also, if I understand things correctly, then when you upgrade to Derby
10.3 the *default* behavior is that the Network Server will *not*
start up, because most users (in development anyway, which is where
people will first experience Derby 10.3) will not have turned on user
authentication.  I know it's turned off for NetBeans.

it seems to me that if the user has not enabled user authentication,
they should be able to run the Network Server without the security
manager.  I can see two major usage modes:

-> authentication turned on and security manager enabled
-> authentication turned off and security manager disabled

It seems to me we should support the first scenario.  If the user has
authentication turned off, we can let the server start up with the
following message:  "WARNING: user authentication is not enabled.
You are now running in an insecure mode." And then turn off the
security manager for the network server.

This keeps things compatible but lets users know they're not in a
secure mode.  If you keep seeing this in your server log every time
you start up, you'll get the hint.

Thanks,

David

On 5/30/07, Bernt M. Johnsen <Bernt.Johnsen@sun.com> wrote:
> >>>>>>>>>>>> Rick Hillegas wrote (2007-05-30 06:26:08):
> > Bernt M. Johnsen wrote:
> > >>>>>>>>>>>>>Ståle Deraas wrote (2007-05-30
08:23:05):
> > >>>>>>>>>>>>>
> > >>Maybe the thread "Q: Should Derby 10.3 be Derby 11?" raised by Bernt is
> > >>what people are thinking of......
> > >>
> > >
> > >The thread is here:
> > >http://www.nabble.com/Q:-Should-Derby-10.3-be-Derby-11--tf3260195.html
> > >
> > >
> > I have reviewed this email thread. It is largely a discussion about how
> > compatibility issues affect release names. It includes some discussion
> > about the secure-server work (DERBY-2196). It does not have much to say
> > about DERBY-2264.
>
> That's right. My question was raised based on the fact that my db
> start script suddenly needed a -noSecurityManager switch in
> 10.3. I.e. an incompatability.
>
> Stan is pointing at another incompatability, but in principle it's the
> same kind of problem: 10.3 will not be compatible with 10.2.
>
> > The discussion motivated us to document the
> > incompatibilities introduced by DERBY-2196 and DERBY-2264--we described
> > those incompatibilities at the end of the 10.3 release page:
> > http://wiki.apache.org/db-derby/DerbyTenThreeRelease
>
>
>
> >
> > I don't see much discussion of DBO powers here.
> >
> > Regards,
> > -Rick
>
> --
> Bernt Marius Johnsen, Database Technology Group,
> Staff Engineer, Technical Lead Derby/Java DB
> Sun Microsystems, Trondheim, Norway
>
>

Mime
View raw message