db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: Compatibility issue for 10.4
Date Thu, 17 Jan 2008 17:16:56 GMT
Daniel John Debrunner wrote:
> Rick Hillegas wrote:
>> Thanks to everybody for the discussion so far. And thanks to Martin 
>> for revising the SystemPrivilegesBehaviour.html summary attached to 
>> DERBY-2109.  I think that my initial posting garbled the description 
>> of the compatibilty issues. I would like to restate what the 
>> backward-compatibility issues are:
> 
>> 2) Customers running just with Java Security (but no Authentication):
>>
>>   No compatibility issues.
> 
> The patch to DERBY-2109 does not implement this, instead 4b) is required:
> 
>>   b) Must add additional privileges to the Java Security policy file 
>> (unless the default policy file is used)

I think that the patch (by accident) is actually correct here. Since 
Java permissions can be granted to code and to principals that are not 
database principals, then derby authentication being active or not is 
not relevant. E.g. when running embedded in a J2EE container the 
principals may be setup and authorized correctly by the container, thus 
not requiring any database authentication. In that case I should be able 
to grant permission to a specific set of principals to create databases 
or shutdown the system.

Dan.

Mime
View raw message