db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2811) Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host
Date Thu, 14 Jun 2007 22:38:26 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504952
] 

Rick Hillegas commented on DERBY-2811:
--------------------------------------

Thanks for the additional thoughts, Dag. Perhaps, we should not use derby.drda.host as the
parameter name in the default policy file. Instead, we could use some parameter name like
derby.host.address. We would forcibly set this variable and leave derby.drda.host alone.

To summarize:

1) In server.policy, we would change drda.host to derby.host.address. And derby.host.address
would be the system property that the server forcibly sets

2) We would set derby.host.adress to "*" if the customer specified the host as "0.0.0.0" or
"::"

> Specifying -h 0.0.0.0 with default security manager bars clients from connecting from
any host
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2811
>                 URL: https://issues.apache.org/jira/browse/DERBY-2811
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Security
>    Affects Versions: 10.3.0.0
>            Reporter: Dag H. Wanvik
>            Assignee: Rick Hillegas
>         Attachments: derby-2811-01.diff
>
>
> The default policy file installed has this stanza:
>   :
>   permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
>   :
> Normally, specifying -h 0.0.0.0 to NetworkServerControl lets clients connect
> from any host, but with the default policy file installed
> connecting fails even from localhost.
> I think this is because SocketPermission only recognizes "*" as a catch-all.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message