Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 5952 invoked from network); 14 Jun 2007 00:45:53 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Jun 2007 00:45:53 -0000 Received: (qmail 10928 invoked by uid 500); 14 Jun 2007 00:45:56 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 10904 invoked by uid 500); 14 Jun 2007 00:45:56 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 10895 invoked by uid 99); 14 Jun 2007 00:45:56 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jun 2007 17:45:56 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jun 2007 17:45:52 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 9B7D2714062 for ; Wed, 13 Jun 2007 17:45:32 -0700 (PDT) Message-ID: <24210099.1181781932627.JavaMail.jira@brutus> Date: Wed, 13 Jun 2007 17:45:32 -0700 (PDT) From: "Rick Hillegas (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Updated: (DERBY-2811) Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host In-Reply-To: <27026284.1181754446943.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rick Hillegas updated DERBY-2811: --------------------------------- Attachment: derby-2811-01.diff Attaching a patch for this problem: derby-2811-01.diff. Dag, could you take a gander at this? I will run tests later tonight. Touches the following files: M java/drda/org/apache/derby/drda/NetworkServerControl.java The special 0.0.0.0 Derby wildcard is translated into the * wildcard for poking into the system properties so that the vm can substitute * into the host variable in the default policy. M java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java Added a test case for host 0.0.0.0. M java/testing/org/apache/derbyTesting/junit/NetworkServerTestSetup.java Modified this decorator so that it can handle this edge case. Added some more defensive logic in places where exceptions were being silently swallowed. I noticed test hangs when running the new test case against a server without the changes to NetworkServerControl. After adding the defensive code, the tests don't hang anymore in that situation and SecureServerTest runs cleanly with the changes to NetworkServerControl. However, we should think more about how to handle unexpected ping errors in this decorator. > Specifying -h 0.0.0.0 with default security manager bars clients from connecting from any host > ---------------------------------------------------------------------------------------------- > > Key: DERBY-2811 > URL: https://issues.apache.org/jira/browse/DERBY-2811 > Project: Derby > Issue Type: Bug > Components: Network Server > Affects Versions: 10.3.0.0 > Reporter: Dag H. Wanvik > Assignee: Rick Hillegas > Attachments: derby-2811-01.diff > > > The default policy file installed has this stanza: > : > permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; > : > Normally, specifying -h 0.0.0.0 to NetworkServerControl lets clients connect > from any host, but with the default policy file installed > connecting fails even from localhost. > I think this is because SocketPermission only recognizes "*" as a catch-all. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.