db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2811) Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host
Date Thu, 14 Jun 2007 23:53:26 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504967 ]

Dag H. Wanvik commented on DERBY-2811:
--------------------------------------

Yes, using another property would be good, I think.  I am less sure about
your concrete name proposal: to me a host has a name (usually) and an address,
and in the case of derby.drda.host one may give it a value of either a name or an IP address.
This would be the case for this new property as well, so I would suggest
something like derby.security.host.

If I understand correctly, the new property, if not set, would default to the same value as
derby.drda.host, possibly overridden by -h option,
providing that isn't "0.0.0.0" or "::" (in which case one would translate it
to "*"). That way existing apps would run unchanged, I think.

Sounds good to me.





> Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2811
>                 URL: https://issues.apache.org/jira/browse/DERBY-2811
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Security
>    Affects Versions: 10.3.0.0
>            Reporter: Dag H. Wanvik
>            Assignee: Rick Hillegas
>         Attachments: derby-2811-01.diff
>
>
> The default policy file installed has this stanza:
>   :
>   permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
>   :
> Normally, specifying -h 0.0.0.0 to NetworkServerControl lets clients connect
> from any host, but with the default policy file installed
> connecting fails even from localhost.
> I think this is because SocketPermission only recognizes "*" as a catch-all.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
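
The defaulting rule discussed in this thread, as an added Java example that is not part of the original message and is not Derby's code. The class and method names are hypothetical, the client endpoint is a constructed sample, and the property name derby.security.host is only the suggestion made in the comment above.

```java
import java.net.SocketPermission;

// Added illustration, not Derby source. All names here are hypothetical.
public class AcceptPermissionDemo {

    // Defaulting rule sketched in the comment: an unset security host falls
    // back to the listen host (derby.drda.host or -h), except that the
    // wildcard listen addresses "0.0.0.0" and "::" are translated to "*",
    // the catch-all that SocketPermission recognizes.
    static String effectiveSecurityHost(String securityHost, String drdaHost) {
        if (securityHost != null) {
            return securityHost;
        }
        if ("0.0.0.0".equals(drdaHost) || "::".equals(drdaHost)) {
            return "*";
        }
        return drdaHost;
    }

    // Checks whether a policy grant of "<host>:*", "accept" covers an
    // incoming connection from clientEndpoint ("address:port").
    static boolean grantCovers(String host, String clientEndpoint) {
        SocketPermission granted = new SocketPermission(host + ":*", "accept");
        SocketPermission needed = new SocketPermission(clientEndpoint, "accept");
        return granted.implies(needed);
    }

    public static void main(String[] args) {
        String client = "127.0.0.1:50000"; // constructed sample client endpoint

        // What the default policy stanza expands to when started with -h 0.0.0.0.
        System.out.println("grant 0.0.0.0:* covers " + client + ": "
                + grantCovers("0.0.0.0", client));

        // The same start-up options with the proposed translation applied.
        String translated = effectiveSecurityHost(null, "0.0.0.0");
        System.out.println("grant " + translated + ":* covers " + client + ": "
                + grantCovers(translated, client));

        // The IPv6 wildcard takes the same path; an explicit value wins.
        System.out.println("\"::\" maps to " + effectiveSecurityHost(null, "::"));
        System.out.println("explicit value kept: "
                + effectiveSecurityHost("127.0.0.1", "0.0.0.0"));
    }
}
```

Because `SocketPermission.implies` can be called without a security manager installed, the comparison can be run directly to see how the literal 0.0.0.0 grant and the "*" grant differ for the same client.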

