db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-1387) Add JMX extensions to Derby
Date Tue, 05 Feb 2008 17:24:12 GMT

    [ https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565824#action_12565824
] 

Daniel John Debrunner commented on DERBY-1387:
----------------------------------------------

The approach to security for the database mbean concerns me:

 - The authenticateUser approach exposes a huge security hole where any authenticated jmx
user can perform dbo operations for the database even if they do not have dbo credentials.
I think this is unacceptable.
 - It is defining a security model that does not match existing jmx approaches (e.g. the jmx
tutorial describes three security models including two that address fine grained authorization
(which is the issue here)).

I wonder if it is worth splitting the patch in two logical steps.

  1) Adding the framework to support Derby mbeans and skeleton beans. E.g. add a database
bean that only exposes limited information, such as the database id and possibly the name.

  2) Add functionality to the beans in a secure manner as required.

This suits the model of incremental development and allows others to get involved in adding
new information to existing beans or adding new beans in the framework.




> Add JMX extensions to Derby
> ---------------------------
>
>                 Key: DERBY-1387
>                 URL: https://issues.apache.org/jira/browse/DERBY-1387
>             Project: Derby
>          Issue Type: New Feature
>          Components: Services
>            Reporter: Sanket Sharma
>            Assignee: John H. Embretsen
>         Attachments: DERBY-1387-1.diff, DERBY-1387-1.stat, DERBY-1387-2.diff, DERBY-1387-2.stat,
DERBY-1387-3.diff, DERBY-1387-3.stat, DERBY-1387-4.diff, DERBY-1387-4.stat, DERBY-1387-5.diff,
DERBY-1387-5.stat, DERBY-1387-6.zip, DERBY-1387-7.zip, DERBY-1387-8.zip, DERBY-1387-9.diff,
DERBY-1387-9.stat, derbyjmx.patch, jmx.diff, jmx.stat, jmxFuncspec.html, jmxFuncspec.html,
jmxFuncspec.html, Requirements for JMX Updated.html, Requirements for JMX.html, Requirements
for JMX.zip
>
>
> This is a draft requirement specification for adding monitoring and management extensions
to Apache Derby using JMX. The requirements document has been uploaded on JIRA as well as
the Derby Wiki page at http://wiki.apache.org/db-derby/_Requirement_Specifications_for_Monitoring_%26_Management_Extensions_using_JMX
> Developers and Users are requested to please look at the document (feature list in particular)
and add their own rating to features by adding a coloumn to the table.
> Comments are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message