From: "Daniel John Debrunner (JIRA)"
To: derby-dev@db.apache.org
Date: Tue, 5 Feb 2008 09:24:12 -0800 (PST)
Subject: [jira] Commented: (DERBY-1387) Add JMX extensions to Derby
Message-ID: <12329367.1202232252901.JavaMail.jira@brutus>
In-Reply-To: <4163741.1149764849905.JavaMail.jira@brutus>

    [ https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565824#action_12565824 ]

Daniel John Debrunner commented on DERBY-1387:
----------------------------------------------

The approach to security for the database mbean concerns me:

  - The authenticateUser approach exposes a huge security hole where any authenticated jmx user can perform dbo operations for the database even if they do not have dbo credentials. I think this is unacceptable.

  - It is defining a security model that does not match existing jmx approaches (e.g. the jmx tutorial describes three security models including two that address fine grained authorization (which is the issue here)).

I wonder if it is worth splitting the patch in two logical steps.

  1) Adding the framework to support Derby mbeans and skeleton beans. E.g. add a database bean that only exposes limited information, such as the database id and possibly the name.

  2) Add functionality to the beans in a secure manner as required.

This suits the model of incremental development and allows others to get involved in adding new information to existing beans or adding new beans in the framework.

> Add JMX extensions to Derby
> ---------------------------
>
>                 Key: DERBY-1387
>                 URL: https://issues.apache.org/jira/browse/DERBY-1387
>             Project: Derby
>          Issue Type: New Feature
>          Components: Services
>            Reporter: Sanket Sharma
>            Assignee: John H. Embretsen
>         Attachments: DERBY-1387-1.diff, DERBY-1387-1.stat, DERBY-1387-2.diff, DERBY-1387-2.stat, DERBY-1387-3.diff, DERBY-1387-3.stat, DERBY-1387-4.diff, DERBY-1387-4.stat, DERBY-1387-5.diff, DERBY-1387-5.stat, DERBY-1387-6.zip, DERBY-1387-7.zip, DERBY-1387-8.zip, DERBY-1387-9.diff, DERBY-1387-9.stat, derbyjmx.patch, jmx.diff, jmx.stat, jmxFuncspec.html, jmxFuncspec.html, jmxFuncspec.html, Requirements for JMX Updated.html, Requirements for JMX.html, Requirements for JMX.zip
>
>
> This is a draft requirement specification for adding monitoring and management extensions to Apache Derby using JMX. The requirements document has been uploaded on JIRA as well as the Derby Wiki page at http://wiki.apache.org/db-derby/_Requirement_Specifications_for_Monitoring_%26_Management_Extensions_using_JMX
> Developers and Users are requested to please look at the document (feature list in particular) and add their own rating to features by adding a column to the table.
> Comments are welcome.
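The gap the comment describes, between being an authenticated JMX user and being authorized for owner-only operations, can be closed with a wrapper that checks the caller's principal before any state-changing MBean call. This is an added example, not code from the DERBY-1387 patch or from Derby. The `DatabaseMBean` interface, the `monitor` and `dbo` user names and the object name are hypothetical, and `Subject.current()` and `Subject.callAs()` assume Java 18 or later.

```java
import java.lang.reflect.*;
import java.util.Set;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;

public class DboGuardDemo {
    // Hypothetical MBean: one read-only attribute and one owner-only operation.
    public interface DatabaseMBean { String getName(); void shutdown(); }
    public static class Database implements DatabaseMBean {
        public String getName() { return "sampleDB"; }
        public void shutdown() { System.out.println("  shutdown executed"); }
    }

    // Wrap an MBeanServer so state-changing calls need a JMXPrincipal named in dbos.
    static MBeanServer guard(MBeanServer target, Set<String> dbos) {
        InvocationHandler h = (proxy, method, args) -> {
            String m = method.getName();
            if (m.equals("invoke") || m.startsWith("setAttribute")) {
                Subject caller = Subject.current(); // authenticated JMX caller, if any
                boolean ok = caller != null && caller.getPrincipals(JMXPrincipal.class)
                        .stream().anyMatch(p -> dbos.contains(p.getName()));
                if (!ok) throw new SecurityException(m + " requires database owner");
            }
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (MBeanServer) Proxy.newProxyInstance(
                MBeanServer.class.getClassLoader(), new Class<?>[] { MBeanServer.class }, h);
    }

    public static void main(String[] unused) throws Exception {
        MBeanServer raw = MBeanServerFactory.newMBeanServer();
        ObjectName db = new ObjectName("org.example:type=Database"); // constructed name
        raw.registerMBean(new Database(), db);
        MBeanServer mbs = guard(raw, Set.of("dbo"));
        for (String who : new String[] { "monitor", "dbo" }) { // constructed user names
            Subject s = new Subject();
            s.getPrincipals().add(new JMXPrincipal(who));
            Subject.callAs(s, () -> {
                System.out.println(who + " reads Name = " + mbs.getAttribute(db, "Name"));
                try { mbs.invoke(db, "shutdown", new Object[0], new String[0]); }
                catch (SecurityException e) { System.out.println("  denied: " + e.getMessage()); }
                return null;
            });
        }
    }
}
```

Both users are authenticated and can read the `Name` attribute, but only the principal listed as owner gets past the check on `invoke`.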