db-derby-dev mailing list archives

From "John H. Embretsen" <John.Embret...@Sun.COM>
Subject Re: Protecting system properties
Date Thu, 07 Feb 2008 19:18:05 GMT
Daniel John Debrunner wrote:
> John Embretsen wrote:
> [lots of good comments snipped]
>> We, as Derby developers, should strive to keep the sensitivity of the
>> information stored as (derby) system properties to a minimum. For example, we
>> should recommend against defining usernames and passwords in cleartext as system
>> properties (especially in scenarios where remote JMX is enabled), and should
>> provide better alternatives to the users.
> A better alternative already exists today. Derby system level 
> properties can be specified in derby.properties, none of these values 
> are then set as JVM system properties, and thus they will not appear 
> to any standard jmx bean.

Yes, this is a good thing. Still not optimal, but it certainly helps. We 
could probably be more explicit about the differences in the manuals.

> Exposing these (or a security conscious subset of them) through 
> Derby's SystemMBean is fine, though I'm not sure that's what is being 
> proposed by the jmx changes. I.e. does SystemMBean just display the 
> value of the jvm system property or the value that derby is using (set 
> as a jvm system property or in derby.properties)?

I think the latter (the value derby is using). I think this is best,
from a usability perspective. (In the SystemMBean, most properties are
fetched using the getSystemProperty(...) method of
org.apache.derby.iapi.services.property.PropertyUtil). What to expose
through our own JMX beans is luckily easier to control than what is
available via platform features.
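
The distinction discussed in this message, as an added example that is not part of the original e-mail or of Derby's code: a property set as a JVM system property is readable through the platform Runtime MXBean, while one loaded only from a properties file is not. The sketch models derby.properties with a plain java.util.Properties object read from a temporary file (an assumption; Derby's own property lookup is not used), and the user names and values are constructed.

```java
import java.io.InputStream;
import java.lang.management.ManagementFactory;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.openmbean.CompositeData;
import javax.management.openmbean.TabularData;

public class JmxPropertyExposure {
    // Hypothetical audit rule: Derby BUILTIN user entries and anything naming a password.
    static boolean looksSensitive(String key) {
        String k = key.toLowerCase(Locale.ROOT);
        return k.startsWith("derby.user.") || k.contains("password");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: same effect as starting the JVM with -Dderby.user.app=...
        System.setProperty("derby.user.app", "constructed-secret-1");

        // Constructed stand-in for derby.properties, held in a private Properties object.
        Path file = Files.createTempFile("derby", ".properties");
        Files.write(file, "derby.user.admin=constructed-secret-2\n".getBytes(StandardCharsets.UTF_8));
        Properties fileProps = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            fileProps.load(in);
        } finally {
            Files.delete(file);
        }

        // Read the attribute the way a JMX client would, via the platform MBean server.
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        TabularData td = (TabularData) mbs.getAttribute(
                new ObjectName("java.lang:type=Runtime"), "SystemProperties");
        Set<String> visible = new TreeSet<>();
        for (Object row : td.values()) {
            visible.add((String) ((CompositeData) row).get("key"));
        }

        // Report key names only; values are deliberately never printed.
        visible.stream().filter(JmxPropertyExposure::looksSensitive)
               .forEach(k -> System.out.println("EXPOSED via JMX: " + k));
        for (String k : fileProps.stringPropertyNames()) {
            System.out.println(k + " visible via JMX: " + visible.contains(k));
        }
    }
}
```

Run with remote JMX disabled, the check still applies: the same attribute is what a remote client would read once a JMX connector is enabled.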

