db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Digulla (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3083) Network server demands a file called "derbynet.jar" in classpath
Date Wed, 07 Nov 2007 19:36:50 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540856
] 

Aaron Digulla commented on DERBY-3083:
--------------------------------------

Well, I've used tons of Java software (probably everything kind except for applets) and Derby
was the first one to have a Security Manager, so in my case running into one violated the
rule "least surprises". OTOH, I know perfectly well that a misconfigured network server compromises
the security of my computer (they all do, that's common knowledge even if most people actively
ignore this simple fact). Therefore, a network server which is secure also violates the rule.

So it is an attempt to make the world better on your part but it certainly breaks the "least
surprise" rule unless you can make it work even when I do strange things like renaming the
JAR, repackaging everything in an ueberjar and the like. If you really, absolutely need to
have your SM, make it fail gracefully (if DerbyNet can't install it, print a warning and go
on) or ask the user to enable it with an option if they need/want it.

Otherwise, you will annoy 90% of the users of your code:

10% know more about security than you do and they do it differently; trying to teach them
won't work
80% don't know and don't care and they hate you for making their lives "unnecessary" complex
(a.k.a "what do I need that stupid virus scanner for? Open that proxy already! OWN3Z.COM wants
to install TakeOver.EXE? OK!")
Which leaves 10% who don't know and care enough to learn how to secure their system

;-)

I'm in the first 10%, by the way: For my JUnit tests, I just need an option to bind the server
to 127.0.0.1 and no SM.

> Network server demands a file called "derbynet.jar" in classpath
> ----------------------------------------------------------------
>
>                 Key: DERBY-3083
>                 URL: https://issues.apache.org/jira/browse/DERBY-3083
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.3.1.4
>            Reporter: Aaron Digulla
>         Attachments: derby-716-10-datatypesCollation-aa.diff
>
>
> The network server will not start if the derbynet jar is added under a different name
than "derbynet.jar" to the classpath. This makes it impossible to use it in maven projects
where the jar is renamed to "derbynet-10.3.1.4.jar".
> This did work with 10.2.2.0

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message