db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Embretsen <John.Embret...@Sun.COM>
Subject Re: Just how more secure is (will be) 10.3 than 10.2?
Date Tue, 05 Jun 2007 08:42:22 GMT
Daniel John Debrunner wrote:
> Rick Hillegas wrote on derby-user>
> http://mail-archives.apache.org/mod_mbox/db-derby-user/200706.mbox/%3c46648064.6000809@sun.com%3e

>> The upcoming release of Derby 10.3 will make networked configurations 
>> safer by installing a Java security manager if the user forgets to 
>> install one. [snip]. As a result, it will be harder for hackers to 
>> corrupt multi-user applications and shared machines.
> One item that's missing from the post to the user list and any 
> discussion around this issue is how much more secure is 10.3 than 10.2? 
> It's worth stepping back and looking at the overall picture. I'd hate 
> for 10.3 to be overselling its security.

Measuring security is very hard, so I understand why Rick did not include any 
such claims in the post to derby-user, but I agree that it seems that this has 
not been thought through as much as some of us would have liked.

[snip various actions that may be "more secure" in 10.3 than 10.2]

> Not sure on that basis if I would call 10.3 "safer". If there are N ways 
> to break security and less than N is closed, then a system is not more 
> secure.

I tend to disagree. There will _always_ be security holes in systems such as 
Derby. Does that mean that we can never use the terms "more secure" or "safer"? 
Of course, there are no guarantees, but hopefully we are closing more (at least 
more severe) security holes than we are introducing with this release. I would 
define this as being "more secure" and "safer", though not "secure" nor "safe".

If this reasoning is not valid, would it also be wrong to say that Derby 10.3 is 
safer than 10.0?
Would it be wrong to say that using encryption is safer than not using 
encryption at all?
For example, I know that the encryption in my home Wi-Fi network can be cracked, 
but I still regard the system as safer (more secure) than my neighbor's 
unencrypted Wi-Fi network.

> I certainly think that any documentation or discussion should not imply 
> in any way that 10.3 out of the box is a secure system.



View raw message