db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2811) Specifying -h with default security manager bars clients from connecting from any host
Date Fri, 15 Jun 2007 01:08:26 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504991

Dag H. Wanvik commented on DERBY-2811:

Checking up on IPv6 address syntax a bit, I see the
unspecified address in IPv6 can also be legally written, say, as

0:0:0:0:0:0:0:0 (preferred form)

and in many other ways, I think, cf. http://www.faqs.org/rfcs/rfc2373.html, sec 2.2.

The form "::" is a special syntax for a sequence of consecutive
of zeros in an IPv6 address (can be used only once).

The rfc mentions both "0:0:0:0:0:0:0:0" and "::" as examples on "unspecified address".

For that matter, I guess even in IPv4, one could use leading zeros..

so for a safe recognition of "unspecified address" one would need to parse the IP address

> Specifying -h with default security manager bars clients from connecting from
any host
> ----------------------------------------------------------------------------------------------
>                 Key: DERBY-2811
>                 URL: https://issues.apache.org/jira/browse/DERBY-2811
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Security
>    Affects Versions:
>            Reporter: Dag H. Wanvik
>            Assignee: Rick Hillegas
>         Attachments: derby-2811-01.diff
> The default policy file installed has this stanza:
>   :
>   permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
>   :
> Normally, specifying -h to NetworkServerControl lets clients connect
> from any host, but with the default policy file installed
> connecting fails even from localhost.
> I think this is because SocketPermission only recognizes "*" as a catch-all.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message