db-derby-dev mailing list archives

From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4990) Documentation should state a custom security policy being required to use LDAP in conjunction with network driver
Date Thu, 17 Feb 2011 19:11:24 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4990?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kim Haase updated DERBY-4990:
-----------------------------

    Attachment: DERBY-4990-2.zip
                DERBY-4990-2.stat
                DERBY-4990-2.diff

Attaching DERBY-4990-2.diff, DERBY-4990-2.stat, and DERBY-4990-2.zip, with changes to the
following Dev Guide files:

M       src/devguide/cdevbabejgjd.dita
M       src/devguide/cdevcsecure41285.dita
M       src/devguide/cdevcsecure863446.dita
M       src/devguide/cdevcsecure864242.dita

Granting permissions to Derby: added entry on LDAP grant

LDAP directory service: Added links to JDK documentation on LDAP.

Setting up Derby to use your LDAP directory service: Added mention of LDAP permission grant.

JNDI-specific properties for external directory services: Corrected appendix title and linked
to correct URL.

Will this be sufficient? Suggestions are welcome.

> Documentation should state a custom security policy being required to use LDAP in conjunction
with network driver
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4990
>                 URL: https://issues.apache.org/jira/browse/DERBY-4990
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation
>            Reporter: Thomas Hill
>            Assignee: Kim Haase
>         Attachments: DERBY-4990-2.diff, DERBY-4990-2.stat, DERBY-4990-2.zip, DERBY-4990.diff,
DERBY-4990b.diff, tadminnetservcustom.html, tadminnetservcustom.html
>
>
> The documentation is lacking a statement that defining and using a >custom< security
manager template is required when wanting to use LDAP authorization provider in conjunction
with the network driver client. Otherwise, i.e. just using the default security policy
will lead to socket permission errors. Details on which permission exactly needs to be granted
to which code base would be very helpful.
> Chapter 'Running Derby under a security manager', section 'granting permissions to Derby'
in the Developer's guide seems a good place to mention the permission java.net.SocketPermission
as optional, but required to be set when wanting to use LDAP authorization in conjunction
with the network client driver and defining the authorisation provider properties as system-level
properties.
> Adding this to the documentation and preferably also providing some more guidance seems
desirable as migrating off the builtin user system to LDAP is strongly recommended and the
documentation has explicit statements about security risks otherwise incurred.
> I also realized that the template included in the documentation at http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html
and the default template included in 10.7.1.1 software are no longer in sync.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
