db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5400) Toggling of network tracing should be protected by requiring the user to specify the credentials of the system administrator.
Date Tue, 06 Sep 2011 13:07:10 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13097971#comment-13097971 ]

Rick Hillegas commented on DERBY-5400:
--------------------------------------

Good question. I don't think we have defined this term. I am using it as shorthand for "the
person who boots the VM which runs Derby". That person enjoys the following powers (some of
which overlap):

1) The power to set the Java security policy.

2) The power to set the classpath, bringing in application software (and maybe malware).

3) The power to set Derby properties at the system level.

4) The power to set the authentication mechanism.

5) The power to enable SSL/TLS encryption.

6) The power to set file permissions (via umask and access control lists).

7) The power to set the port/host information for the network server and to enable network
tracing.

Is "system administrator" a bad name for this person? Would some other term be better, like
"VM administrator", "VM owner", "booter", "security czar", ...? Thanks.

> Toggling of network tracing should be protected by requiring the user to specify the credentials of the system administrator.
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5400
>                 URL: https://issues.apache.org/jira/browse/DERBY-5400
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>
> For servers which are brought up with the system administrator's credentials, we should require those credentials to be specified when turning network tracing on and off.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
