db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6160) Fixes needed to documentation topics on security policy permissions
Date Tue, 30 Apr 2013 14:00:20 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13645583#comment-13645583
] 

Kim Haase commented on DERBY-6160:
----------------------------------

Thanks, Dag.

Let me see if I understand this correctly:

In the "Basic Network Server security policy" topic, the current settings are correct; that
is, the following for derby.jar --

  // Needed by file permissions restriction system:
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";

and the following for derbynet.jar --

//
// Needed by file permissions restriction system:
//
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";
  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", 
      "read, write";

Would it be helpful to add "(JDK 7 and higher)" to both?

The topic "Customizing the Network Server's security policy" currently shows some basic and
customized settings for derby.jar, but only one permission for derbynet.jar, although the
policy file in "Basic Network Server security policy" has many more. I'm not sure what purpose
the settings in this topic are meant to serve. I think they probably should include the needed
permissions for 

The file java/drda/org/apache/derby/drda/template.policy is the one that is used as the JDK
demos/db/templates/server.policy file, so this is the one that should provide correct examples.
I'll file a separate issue to remove the derby.storage.jvmInstanceId permission from this
file and make any other needed corrections. 

I will wait to hear about callAbort.
                
> Fixes needed to documentation topics on security policy permissions
> -------------------------------------------------------------------
>
>                 Key: DERBY-6160
>                 URL: https://issues.apache.org/jira/browse/DERBY-6160
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.9.1.0, 10.10.1.1
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>         Attachments: DERBY-6160-2.diff, DERBY-6160-2.stat, DERBY-6160-2.zip, DERBY-6160.diff,
DERBY-6160.stat, DERBY-6160.zip
>
>
> DERBY-5363 added a new required permission  RuntimePermission "accessUserInformation".
> This should be added to the developer guide information under granting permissions to
Derby.
> https://builds.apache.org/job/Derby-docs/lastSuccessfulBuild/artifact/trunk/out/devguide/cdevbabejgjd.html
> I am not sure of the context under which it is required if it is just needed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message