db-derby-dev mailing list archives

From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Installing a SecurityManager by default when the server boots
Date Mon, 19 Nov 2007 16:42:53 GMT
Thanks to everyone for the useful discussion of this issue. It does not 
seem to me that there is a consensus for backing out this feature. I am 
inclined to leave it in.


Rick Hillegas wrote:
> As of release 10.3, when you boot the network server from the command 
> line, the server installs a Java SecurityManager with a default 
> policy. This change (DERBY-2196) limits the ability of hackers, 
> connecting from arbitrary machines, to use Derby to corrupt the 
> environment in which it is running. In addition, this change provides 
> a foundation on which we can add more security features incrementally. 
> As a result of this change, we have learned more about how Derby 
> behaves when run under a SecurityManager--that in turn, has helped us 
> discover more permissions which we need to add to the template used as 
> a starting point for configuring a Derby security policy.
> Unfortunately, this change has proved painful to some users. See, for 
> instance, DERBY-3086 and the ongoing discussion on DERBY-3083.
> Now that we have some experience with the 10.3 release, I would like 
> to ask the community to review the wisdom of this change. Do we still 
> think that this is the correct default behavior? Or should we consider 
> turning off this feature in the upcoming 10.3 maintenance release?
> Thanks,
> -Rick
