db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2883) template security policy file for network server uses undefined property derby.security.host
Date Fri, 29 Jun 2007 17:12:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12509155
] 

Daniel John Debrunner commented on DERBY-2883:
----------------------------------------------

I don't think setting the properties will work for two reasons:

 1) The template policy doesn't allow setting system properties. Most likely the user's policy
file won't either.

 2) the server setting the properties will be too late, the policy file has already been processed
by the time the Derby code will be running.

> template security policy file for network server uses undefined property derby.security.host
> --------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2883
>                 URL: https://issues.apache.org/jira/browse/DERBY-2883
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Security
>    Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0
>            Reporter: Daniel John Debrunner
>
> DERBY-2811 changed the use of 
> permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
> to
> permission java.net.SocketPermission "${derby.security.host}:*", "accept"; 
> I think this is correct for the default policy file used by the network server, but incorrect
for the user template file.
> I think rather than exposing this "internal property" derby.security.host, the template
should continue to use ${derby.drda.host}
> and include comments about needing to change it if the server is listening on a wildcard
address. Currently there's no explanation of where derby.security.host comes from.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message