Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 97524 invoked from network); 5 Jun 2007 08:52:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Jun 2007 08:52:11 -0000 Received: (qmail 4060 invoked by uid 500); 5 Jun 2007 08:52:13 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 4025 invoked by uid 500); 5 Jun 2007 08:52:13 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 3984 invoked by uid 99); 5 Jun 2007 08:52:13 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Jun 2007 01:52:13 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [192.18.1.36] (HELO gmp-ea-fw-1.sun.com) (192.18.1.36) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Jun 2007 01:52:07 -0700 Received: from d1-emea-09.sun.com ([192.18.2.119]) by gmp-ea-fw-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l558ph5F028017 for ; Tue, 5 Jun 2007 08:51:45 GMT Received: from conversion-daemon.d1-emea-09.sun.com by d1-emea-09.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) id <0JJ500401N2BPY00@d1-emea-09.sun.com> (original mail from John.Embretsen@Sun.COM) for derby-dev@db.apache.org; Tue, 05 Jun 2007 09:51:43 +0100 (BST) Received: from [129.159.112.236] by d1-emea-09.sun.com (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPSA id <0JJ5005PMN9SM08P@d1-emea-09.sun.com> for derby-dev@db.apache.org; Tue, 05 Jun 2007 09:51:33 +0100 (BST) Date: Tue, 05 Jun 2007 10:42:22 +0200 From: John Embretsen Subject: Re: Just how more secure is (will be) 10.3 than 10.2? In-reply-to: <4664ECE2.6080402@apache.org> Sender: John.Embretsen@Sun.COM To: derby-dev@db.apache.org Reply-to: derby-dev@db.apache.org Message-id: <466521EE.7060402@Sun.COM> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=ISO-8859-1 Content-transfer-encoding: 7BIT References: <4664ECE2.6080402@apache.org> User-Agent: Thunderbird 2.0.0.0 (X11/20070419) X-Virus-Checked: Checked by ClamAV on apache.org Daniel John Debrunner wrote: > Rick Hillegas wrote on derby-user> > > http://mail-archives.apache.org/mod_mbox/db-derby-user/200706.mbox/%3c46648064.6000809@sun.com%3e > > >> The upcoming release of Derby 10.3 will make networked configurations >> safer by installing a Java security manager if the user forgets to >> install one. [snip]. As a result, it will be harder for hackers to >> corrupt multi-user applications and shared machines. > > One item that's missing from the post to the user list and any > discussion around this issue is how much more secure is 10.3 than 10.2? > It's worth stepping back and looking at the overall picture. I'd hate > for 10.3 to be overselling its security. Measuring security is very hard, so I understand why Rick did not include any such claims in the post to derby-user, but I agree that it seems that this has not been thought through as much as some of us would have liked. [snip various actions that may be "more secure" in 10.3 than 10.2] > Not sure on that basis if I would call 10.3 "safer". If there are N ways > to break security and less than N is closed, then a system is not more > secure. I tend to disagree. There will _always_ be security holes in systems such as Derby. Does that mean that we can never use the terms "more secure" or "safer"? Of course, there are no guarantees, but hopefully we are closing more (at least more severe) security holes than we are introducing with this release. I would define this as being "more secure" and "safer", though not "secure" nor "safe". If this reasoning is not valid, would it also be wrong to say that Derby 10.3 is safer than 10.0? Would it be wrong to say that using encryption is safer than not using encryption at all? For example, I know that the encryption in my home Wi-Fi network can be cracked, but I still regard the system as safer (more secure) than my neighbor's unencrypted Wi-Fi network. > I certainly think that any documentation or discussion should not imply > in any way that 10.3 out of the box is a secure system. +1. -- John