db-derby-dev mailing list archives

From Dyre.Tjeldv...@Sun.COM
Subject Re: Installing a SecurityManager by default when the server boots
Date Fri, 09 Nov 2007 09:21:19 GMT
Rick Hillegas <Richard.Hillegas@Sun.COM> writes:

> As of release 10.3, when you boot the network server from the command
> line, the server installs a Java SecurityManager with a default
> policy. This change (DERBY-2196) limits the ability of hackers,
> connecting from arbitrary machines, to use Derby to corrupt the
> environment in which it is running. In addition, this change provides
> a foundation on which we can add more security features
> incrementally. As a result of this change, we have learned more about
> how Derby behaves when run under a SecurityManager--that in turn, has
> helped us discover more permissions which we need to add to the
> template used as a starting point for configuring a Derby security
> policy.
>
> Unfortunately, this change has proved painful to some users. See, for
> instance, DERBY-3086 and the ongoing discussion on DERBY-3083.
>
> Now that we have some experience with the 10.3 release, I would like
> to ask the community to review the wisdom of this change. Do we still
> think that this is the correct default behavior? Or should we consider
> turning off this feature in the upcoming 10.3 maintenance release?

Personally, I have always been a fan of the "if you don't need it,
you should not have to pay for it" philosophy. Where "pay" could mean
anything from a performance hit to extra hassles when getting started.

That said, I think the community has concluded (fairly recently) that having
the SecurityManager installed by default is a good thing. IMHO it only
makes sense to review this decision if issues that weren't considered
previously come up. If I remember correctly, the hassle
factor was considered and found not to be important (enough) in the
initial discussion.

Wrt. the Maven issue, it seems reasonable to me that
if Maven decides to re-package jars then it is also their
responsibility to update the policy files... but if this is a major
usability issue, then maybe we need to consider it.

-- 
dt

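The Maven point in the reply hinges on how a Java policy file matches code: each grant is keyed on a codeBase URL, so a jar renamed by a repackaging step no longer matches that grant and silently loses every permission the policy gave the original name. The following added example (not Derby's own code, and not from either author) makes this concrete by loading a constructed policy and asking it whether code from two jar URLs may write under the database home. The property names derby.install.url and derby.system.home are assumed here to mirror the placeholders Derby's template policy uses; the jar file names and the temp directories are constructed for the demo. It assumes a JDK on which java.security.Policy still loads policy files (JDK 8 through 17; SecurityManager and Policy are deprecated from 17 onward and disabled in later releases).

```java
import java.io.FilePermission;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

/**
 * Added example (not Derby code): shows that a codeBase-keyed grant stops
 * applying once the jar it names is renamed, e.g. by a repackaging build.
 * The system properties derby.install.url and derby.system.home are
 * assumed to mirror the placeholders in Derby's template policy; they are
 * set here purely so the constructed policy text can be expanded.
 */
public class CodeBasePolicyDemo {

    // Constructed policy text. ${prop} is expanded from system properties
    // by the policy parser; ${/} expands to the platform file separator.
    static final String POLICY =
        "grant codeBase \"${derby.install.url}derby.jar\" {\n" +
        "  permission java.io.FilePermission"
            + " \"${derby.system.home}${/}-\", \"read,write,delete\";\n" +
        "};\n";

    /** Writes the constructed policy to a temp file and makes it the only policy in force. */
    static Policy loadPolicy(Path installDir, Path systemHome) throws Exception {
        Path policyFile = Files.createTempFile("demo", ".policy");
        Files.write(policyFile, POLICY.getBytes(StandardCharsets.UTF_8));
        // Path.toUri() on a directory ends in "/", so the codeBase becomes
        // file:/.../derby-lib.../derby.jar after expansion.
        System.setProperty("derby.install.url", installDir.toUri().toString());
        System.setProperty("derby.system.home", systemHome.toString());
        // A leading "=" means "use only this file", the same as
        // -Djava.security.policy==file on the command line.
        System.setProperty("java.security.policy", "=" + policyFile.toUri());
        Policy policy = Policy.getPolicy();
        policy.refresh();
        return policy;
    }

    /** True if code loaded from jarUrl would be granted perm under policy. */
    static boolean granted(Policy policy, URL jarUrl, Permission perm) {
        CodeSource cs = new CodeSource(jarUrl, (Certificate[]) null);
        // Dynamic domain with no static permissions: only the policy decides.
        ProtectionDomain pd = new ProtectionDomain(cs, null, null, null);
        return policy.implies(pd, perm);
    }

    public static void main(String[] args) throws Exception {
        Path installDir = Files.createTempDirectory("derby-lib");
        Path systemHome = Files.createTempDirectory("derby-home");
        Policy policy = loadPolicy(installDir, systemHome);

        // The kind of write the engine needs: a transaction log under the db home.
        Permission wantsDb = new FilePermission(
            systemHome.resolve("mydb").resolve("log").toString(), "write");

        // Jar name the policy grant was written for, and a repackaged name.
        URL shipped = installDir.resolve("derby.jar").toUri().toURL();
        URL renamed = installDir.resolve("derby-10.3.1.4.jar").toUri().toURL();

        System.out.println("derby.jar          -> " + granted(policy, shipped, wantsDb));
        System.out.println("derby-10.3.1.4.jar -> " + granted(policy, renamed, wantsDb));
    }
}
```

Run with `javac CodeBasePolicyDemo.java && java CodeBasePolicyDemo`. The lookup for derby.jar succeeds and the one for the renamed jar is denied, even though both URLs point into the same directory and the policy text never changed; that is the failure a user sees when a build tool renames the jars and nobody edits the codeBase lines in the policy to match. The check is also a cheap way to validate a customised policy before booting the server under a SecurityManager: evaluate the permissions the engine is known to need against the exact URLs the jars will be loaded from.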