db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6160) Fixes needed to documentation topics on security policy permissions
Date Tue, 30 Apr 2013 04:18:16 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645228#comment-13645228
] 

Dag H. Wanvik commented on DERBY-6160:
--------------------------------------

Thanks! In the section "Customizing the Network Server's security policy" section for derbynet.jar,
we should probably include these setting for these

+// Needed by file permissions restriction system:
+//
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", 
+      "read, write";

even the PropertyPermission, since in this case the security policy is effective once Derby
starts (before the time where it would otherwise load the default security policy), so the
last PropertyPermission is required. (With default, we set this property *before* the security
manager is enabled).

For derby.jar,  the two runtimePermissions need be included also.

In general, I am wondering whether we have (re)considered (lately) the minimum that must be
in the customized policy to make Derby work at all. Another case in point is the added permission
for callAbort in JDBC 4.1; I think that needs to be present in the engine (derby.jar) grants,
too ? Rick?


                
> Fixes needed to documentation topics on security policy permissions
> -------------------------------------------------------------------
>
>                 Key: DERBY-6160
>                 URL: https://issues.apache.org/jira/browse/DERBY-6160
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.9.1.0, 10.10.1.1
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>         Attachments: DERBY-6160-2.diff, DERBY-6160-2.stat, DERBY-6160-2.zip, DERBY-6160.diff,
DERBY-6160.stat, DERBY-6160.zip
>
>
> DERBY-5363 added a new required permission  RuntimePermission "accessUserInformation".
> This should be added to the developer guide information under granting permissions to
Derby.
> https://builds.apache.org/job/Derby-docs/lastSuccessfulBuild/artifact/trunk/out/devguide/cdevbabejgjd.html
> I am not sure of the context under which it is required if it is just needed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message