db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2883) template security policy file for network server uses undefined property derby.security.host
Date Fri, 29 Jun 2007 16:58:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12509151
] 

Rick Hillegas commented on DERBY-2883:
--------------------------------------

Right now the server bothers to set these properties only if the user forgets to install a
security manager. I wonder if the server should always set these properties. This might reduce
the number of errors which the customer can commit when fine-tuning the template policy. That
might improve the out-of-box experience given the tendency of the Java security manager to
swallow bad syntax silently and then cryptically fail. This affect the two properties you
have mentioned: derby.security.host and derby.install.url. For derby.install.url, we should
still beef up the comments in the policy file. This would be an argument for leaving these
properties (appropriately renamed) in the template policy file.

Off the top of my head, derby.__rt seems like a reasonable namespace for these properties.
These properties conform to the definition in Property.java, which reserves this namespace
for properties which are not persisted.

I wonder also if the server should always set derby.system.home if it is not set. I think
that this could, again, improve the out-of-box experience for customers who fine-tune the
template policy.

> template security policy file for network server uses undefined property derby.security.host
> --------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2883
>                 URL: https://issues.apache.org/jira/browse/DERBY-2883
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Security
>    Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0
>            Reporter: Daniel John Debrunner
>
> DERBY-2811 changed the use of 
> permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
> to
> permission java.net.SocketPermission "${derby.security.host}:*", "accept"; 
> I think this is correct for the default policy file used by the network server, but incorrect
for the user template file.
> I think rather than exposing this "internal property" derby.security.host, the template
should continue to use ${derby.drda.host}
> and include comments about needing to change it if the server is listening on a wildcard
address. Currently there's no explanation of where derby.security.host comes from.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message