db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik" <dag.wan...@oracle.com>
Subject Re: making Derby secure by default
Date Tue, 20 Sep 2011 21:02:15 GMT
Thanks, Rick!

On 9/16/2011 8:55 PM, Rick Hillegas wrote:
>
> CS1) The VM owner would have to specify credentials in order to boot 
> the server.

How would we store and authenticate these credentials (we have no a 
priori DB or central repository unless authetication is via LDAP)? Would 
this require the system privileges to be completed or do you have 
another model in mind?

>
> CS2) Those credentials would be required in order to shutdown the 
> server, shutdown the engine, turn server-side tracing on/off, and in 
> general use any of the public functions of 
> NetworkServerControl/NetServlet.

and I guess, any interface we expose through our management beans?

>
> CS3) SSL/TLS would be turned on. Unless overridden, certificate/key 
> stores would be expected/created at some default location.
>
> CS4) Some mechanism would control create/restore database powers 
> across the network. Discussion needed.

Can you elaborate on what you have in mind here? Do you mean changing 
the data base owner (DBO) for a database? And/or the privileges referred 
to in CS2?

Thanks,
Dag


Mime
View raw message