db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Derby on Ipv6
Date Tue, 26 Jun 2007 15:46:11 GMT
Daniel John Debrunner wrote:
> Rick Hillegas wrote:
>> Manjula Kutty wrote:
>>>
>>> Hi
>>>  
>>> While running tests on Ipv6 machines using the 10.3 jars with the 
>>> default security manager, I had the following findings/questions
>>> I started the server like this java 
>>> org.apache.derby.drda.NetworkServerControl start -h 
>>> 2002:92a:8f7a:13:9:42:74:19
>
>> Thanks for test-driving this on ipv6. The machines handy to me are 
>> all ipv4 so I can't reproduce your experiment yet. However, it seems 
>> to me that, given your command line, the default policy file is going 
>> to grant derbynet.jar accept permission on localhost:*. On an ipv6 
>> machine this may not be a legal address. 
>
> Why given the host name of '2002:92a:8f7a:13:9:42:74:19' is the policy 
> file being set up to use 'localhost'? If the -h had been a hostname or 
> its ip(4) address then I wouldn't expect the policy file to use 
> 'localhost' because as I understand it such a hostname means it will 
> accept remote connections.
>
> Dan.
>
>
Ah, I misread Manjula's post. What will happen is this:

1) The policy file grants accept permission to "${derby.security.host}:*"

2) NetworkServerControl will call getHost() on the 
NetworkServerControlImpl instance. The system property 
derby.security.host will then be set to the value returned by getHost().

3) So, if getHost() returns "2002:92a:8f7a:13:9:42:74:19", then accept 
permission will be granted to "2002:92a:8f7a:13:9:42:74:19:*"

-Rick

Mime
View raw message