db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2874) NetworkServer not accepting connections with default security manager on Ipv6 machines
Date Wed, 27 Jun 2007 13:10:26 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12508534 ]

Rick Hillegas commented on DERBY-2874:
--------------------------------------

Thanks for test-driving this patch, Manjula. It also works for me on my personal laptop, which
runs a version of Suse with dual v4 and v6 protocol stacks.

I think that it would be better to restrict the socket permission as much as possible just
as it would be better to restrict the file permissions as much as possible. However, I think
this more liberal socket permission is fine for the default policy just as the liberal file
permission is ok. The liberal socket permission is only granted to derbynet.jar and the server
limits itself to addresses specified at boot time. Socket permission continues to be denied
to code outside the server, such as user-written functions and procedures.

> NetworkServer not accepting connections with default security manager on Ipv6 machines
> --------------------------------------------------------------------------------------
>
>                 Key: DERBY-2874
>                 URL: https://issues.apache.org/jira/browse/DERBY-2874
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.3.0.0
>         Environment: Ipv6 machine with ibm jvm 15
>            Reporter: Manjula Kutty
>            Assignee: Rick Hillegas
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2874-01.diff, derby-2874-wildcard-01.diff, server.policy
>
>
> While running tests on Ipv6 machines using the 10.3 jars with the default security manager, I had the following findings/questions
> I started the server like this java org.apache.derby.drda.NetworkServerControl start -h 2002:92a:8f7a:13:9:42:74:19
> and the server started with the following command
> Security manager installed using the Basic server security policy.
> Apache Derby Network Server - 10.3.1.0 beta - (548006) started and ready to accept connections on port 1527 at 2007-06-25 23:44: 36.835 GMT
>  
> So I think the server is using the default security manager. Then when I tried to get connection through ij
>  
> got the following error message
> Access denied (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016 accept,resolve)
> java.security.AccessControlException: Access denied (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016 accept,resolve)
>         at java.security.AccessController.checkPermission(AccessController.java:104)
>         at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
>         at java.lang.SecurityManager.checkAccept (SecurityManager.java:1172)
>         at java.net.ServerSocket.implAccept(ServerSocket.java:466)
>         at java.net.ServerSocket.accept(ServerSocket.java:433)
>         at org.apache.derby.impl.drda.ClientThread$1.run (Unknown Source)
>         at java.security.AccessController.doPrivileged(AccessController.java:242)
>         at org.apache.derby.impl.drda.ClientThread.run(Unknown Source)
>  
> I had the derby.properties file like this
>  
> derby.database.sqlAuthorization=true
> derby.connection.requireAuthentication=true
> derby.infolog.append=true
> derby.authentication.provider=BUILTIN
> derby.stream.error.logSeverityLevel=0
> #derby.language.logStatementText=true
> # User's Definitions
> derby.user.user2=pass2

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
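
Added example, not part of the original message and not Derby's policy or code: the accept check in the stack trace above names the remote peer's address and port, so this sketch uses java.net.SocketPermission.implies to compare how narrowly or broadly scoped "accept" grants evaluate against that exact permission. The grant host strings and the class name AcceptGrantCheck are assumptions chosen for illustration; the two addresses are the ones quoted in the report.

```java
import java.net.SocketPermission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

public class AcceptGrantCheck {
    // Permission demanded in the reported stack trace (remote peer address and port).
    static final SocketPermission DEMANDED =
        new SocketPermission("[2002:92a:8f7a:13:9:42:73:218]:34016", "accept,resolve");

    // Model one policy "grant" block as a PermissionCollection.
    // A null host models code that receives no SocketPermission at all.
    static PermissionCollection grant(String host) {
        Permissions perms = new Permissions();
        if (host != null) {
            perms.add(new SocketPermission(host, "accept"));
        }
        return perms;
    }

    // True if the modelled grant would let the accept check in the trace pass.
    static boolean allowsAccept(String host) {
        return grant(host).implies(DEMANDED);
    }

    public static void main(String[] args) {
        // Hypothetical grants, ordered from most to least restrictive.
        Map<String, String> grants = new LinkedHashMap<>();
        grants.put("no socket grant (code outside the server)", null);
        grants.put("address passed to -h at boot", "[2002:92a:8f7a:13:9:42:74:19]");
        grants.put("the connecting peer's address", "[2002:92a:8f7a:13:9:42:73:218]");
        grants.put("wildcard host", "*");

        for (Map.Entry<String, String> g : grants.entrySet()) {
            System.out.printf("%-45s accept allowed: %b%n",
                g.getKey(), allowsAccept(g.getValue()));
        }
    }
}
```

Only the grants whose host covers the peer address pass the check. The grant built from the boot address does not, because the permission is evaluated against the connecting client's address rather than the server's.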

