db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Installing a SecurityManager by default when the server boots
Date Wed, 07 Nov 2007 19:02:06 GMT
As of release 10.3, when you boot the network server from the command 
line, the server installs a Java SecurityManager with a default policy. 
This change (DERBY-2196) limits the ability of hackers, connecting from 
arbitrary machines, to use Derby to corrupt the environment in which it 
is running. In addition, this change provides a foundation on which we 
can add more security features incrementally. As a result of this 
change, we have learned more about how Derby behaves when run under a 
SecurityManager--that in turn, has helped us discover more permissions 
which we need to add to the template used as a starting point for 
configuring a Derby security policy.

Unfortunately, this change has proved painful to some users. See, for 
instance, DERBY-3086 and the ongoing discussion on DERBY-3083.

Now that we have some experience with the 10.3 release, I would like to 
ask the community to review the wisdom of this change. Do we still think 
that this is the correct default behavior? Or should we consider turning 
off this feature in the upcoming 10.3 maintenance release?


View raw message