Message-ID: <1117500.1181865206144.JavaMail.jira@brutus>
Date: Thu, 14 Jun 2007 16:53:26 -0700 (PDT)
From: "Dag H. Wanvik (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Commented: (DERBY-2811) Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host
In-Reply-To: <27026284.1181754446943.JavaMail.jira@brutus>

[ https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12504967 ]

Dag H. Wanvik commented on DERBY-2811:
--------------------------------------

Yes, using another property would be good, I think. I am less sure about your concrete name proposal: to me a host has a name (usually) and an address, and in the case of derby.drda.host one may give it a value of either a name or an IP address. This would be the case for this new property as well, so I would suggest something like derby.security.host.

If I understand correctly, the new property, if not set, would default to the same value as derby.drda.host, possibly overridden by -h option, providing that isn't "0.0.0.0" or "::" (in which case one would translate it to "*"). That way existing apps would run unchanged, I think. Sounds good to me.

> Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2811
>                 URL: https://issues.apache.org/jira/browse/DERBY-2811
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Security
>    Affects Versions: 10.3.0.0
>            Reporter: Dag H. Wanvik
>            Assignee: Rick Hillegas
>         Attachments: derby-2811-01.diff
>
>
> The default policy file installed has this stanza:
>      :
>     permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
>      :
> Normally, specifying -h 0.0.0.0 to NetworkServerControl lets clients connect
> from any host, but with the default policy file installed
> connecting fails even from localhost.
> I think this is because SocketPermission only recognizes "*" as a catch-all.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
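
Added example, not part of the original message and not Derby's code: it checks with `SocketPermission.implies` that an "accept" grant for the literal 0.0.0.0 does not cover a loopback client while "*" does, and sketches the host resolution proposed in the comment. The class and method names are hypothetical, `derby.security.host` is only the property name suggested above, and the client endpoint is constructed.

```java
import java.net.SocketPermission;

// Added illustration, not Derby source. Class and method names are
// hypothetical; the resolution order is the one proposed in the comment.
public class PolicyHostDemo {

    // Host to substitute into the policy file's SocketPermission grant.
    // explicit: value of the proposed property (e.g. derby.security.host), or null
    // drdaHost: value of derby.drda.host; hOption: value of -h, or null
    static String policyHost(String explicit, String drdaHost, String hOption) {
        if (explicit != null) {
            return explicit;                      // operator's choice wins
        }
        String listen = (hOption != null) ? hOption : drdaHost;
        if ("0.0.0.0".equals(listen) || "::".equals(listen)) {
            return "*";                           // SocketPermission's catch-all
        }
        return listen;
    }

    // Would a grant of "<host>:*", "accept" cover a connection from client?
    static boolean accepts(String host, String client) {
        SocketPermission granted = new SocketPermission(host + ":*", "accept");
        return granted.implies(new SocketPermission(client, "accept"));
    }

    public static void main(String[] args) {
        String client = "127.0.0.1:40000";        // constructed client endpoint

        // As reported: the grant is made for the literal address 0.0.0.0.
        System.out.println("grant 0.0.0.0:* covers client: "
                + accepts("0.0.0.0", client));

        // Proposed behaviour: bind-to-all is translated before substitution.
        String host = policyHost(null, "localhost", "0.0.0.0");
        System.out.println("grant " + host + ":* covers client: "
                + accepts(host, client));

        // An explicit value narrows the grant even when listening on all interfaces.
        host = policyHost("127.0.0.1", "localhost", "0.0.0.0");
        System.out.println("grant " + host + ":* covers client: "
                + accepts(host, client));
    }
}
```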