db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Installing a SecurityManager by default when the server boots
Date Thu, 08 Nov 2007 20:00:06 GMT
Thanks Stan. Just to clarify: your impression was that this group was in 
favor of Derby's automatic installation of a security manager?


Stanley Bradbury wrote:
> I obtained a positive reaction from a group with a large install base 
> that will be transitioning to version 10.3.  Derby and Network Server 
> are used with sample code and readily available for use as a business 
> system data store. The statement I received is:
> "I am all for it.  Anything that will mean not breaking customers out 
> of the box is a good thing."
> Rick Hillegas wrote:
>> As of release 10.3, when you boot the network server from the command 
>> line, the server installs a Java SecurityManager with a default 
>> policy. This change (DERBY-2196) limits the ability of hackers, 
>> connecting from arbitrary machines, to use Derby to corrupt the 
>> environment in which it is running. In addition, this change provides 
>> a foundation on which we can add more security features 
>> incrementally. As a result of this change, we have learned more about 
>> how Derby behaves when run under a SecurityManager--that in turn, has 
>> helped us discover more permissions which we need to add to the 
>> template used as a starting point for configuring a Derby security 
>> policy.
>> Unfortunately, this change has proved painful to some users. See, for 
>> instance, DERBY-3086 and the ongoing discussion on DERBY-3083.
>> Now that we have some experience with the 10.3 release, I would like 
>> to ask the community to review the wisdom of this change. Do we still 
>> think that this is the correct default behavior? Or should we 
>> consider turning off this feature in the upcoming 10.3 maintenance 
>> release?
>> Thanks,
>> -Rick

View raw message