db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3462) Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
Date Fri, 14 Mar 2008 14:12:24 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578746#action_12578746 ]

Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------

> Does this mean that these permissions serve no purpose if JMX authentication is enabled?

The basic policy file is just that, a basic policy. If the JMX authentication is being used
then the application needs to use a specific policy file that grants permissions to specific
users as required; it's simply out of scope for the basic policy.

> If both permissions ("control" and "monitor") are included for the network server in
> the default policy file, why don't we leave distinguishing between sensitive actions and non-sensitive
> actions to the admin? Admins may have different views of which actions are security sensitive
> and which are not...

I don't understand what you are proposing here. The code has to be the place that indicates
what permissions are required; that can't be set by an application. An application can only
decide what permissions are granted.


> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's
> JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3462
>                 URL: https://issues.apache.org/jira/browse/DERBY-3462
>             Project: Derby
>          Issue Type: Sub-task
>          Components: JMX, Security
>            Reporter: Daniel John Debrunner
>            Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
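
The split discussed in the comment above, where code fixes which permission a call requires and a policy only decides who is granted it, shown as an added example that is not part of the original message and is not Derby code. `DemoJmxPermission`, the call names `readAttribute` and `invokeOperation`, and the users `operator` and `admin` are hypothetical and constructed for illustration; only the "control" and "monitor" action names come from the thread.

```java
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class JmxPermissionDemo {
    // Hypothetical stand-in for a permission named "jmx" with an action list.
    static final class DemoJmxPermission extends Permission {
        private final Set<String> actions;
        DemoJmxPermission(String actionList) {
            super("jmx");
            actions = new TreeSet<>(Arrays.asList(actionList.split(",")));
        }
        // A grant covers a requirement only if it holds every required action.
        @Override public boolean implies(Permission p) {
            return p instanceof DemoJmxPermission
                    && actions.containsAll(((DemoJmxPermission) p).actions);
        }
        @Override public boolean equals(Object o) {
            return o instanceof DemoJmxPermission
                    && actions.equals(((DemoJmxPermission) o).actions);
        }
        @Override public int hashCode() { return actions.hashCode(); }
        @Override public String getActions() { return String.join(",", actions); }
    }

    // Fixed in code: what each (hypothetical) management call requires.
    static final Map<String, Permission> REQUIRED = Map.of(
            "readAttribute", new DemoJmxPermission("monitor"),
            "invokeOperation", new DemoJmxPermission("control"));

    // Decided by the deployment: what a (constructed) user is granted.
    static Permissions grant(String actionList) {
        Permissions granted = new Permissions();
        granted.add(new DemoJmxPermission(actionList));
        return granted;
    }

    static boolean allowed(Permissions granted, String call) {
        return granted.implies(REQUIRED.get(call));
    }

    public static void main(String[] args) {
        Map<String, Permissions> policy = Map.of(
                "operator", grant("monitor"),
                "admin", grant("control,monitor"));
        for (String user : new TreeSet<>(policy.keySet()))
            for (String call : new TreeSet<>(REQUIRED.keySet()))
                System.out.println(user + " " + call + " -> "
                        + allowed(policy.get(user), call));
    }
}
```

Changing what a user may do means editing only the `policy` map; the `REQUIRED` table never moves, so a deployment cannot reclassify a "control" call as "monitor".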
