db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6160) Fixes needed to documentation topics on security policy permissions
Date Fri, 03 May 2013 03:18:18 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13648143#comment-13648143
] 

Dag H. Wanvik commented on DERBY-6160:
--------------------------------------

At the risk of confusing your good summary, Rick, where would that leave the hard-coded properties
for file visibility control? They are sort of both in category (i) and (iii), that is, they
are (i) if you use the new file permission restriction feature (optional, but default for
server started from command line).

But you could also argue they are (iii), since you can switch off the feature that needs them.
Also the (iii) characteristic "You can omit these permissions in order to tighten your security"
doesn't apply to to them; it's more a trade-off: allowing reading of some properties, to achieve
a greater good: limiting file permissions.

 I think I'd prefer to portray these as category (i). What do you think?

                
> Fixes needed to documentation topics on security policy permissions
> -------------------------------------------------------------------
>
>                 Key: DERBY-6160
>                 URL: https://issues.apache.org/jira/browse/DERBY-6160
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.9.1.0, 10.10.1.1
>            Reporter: Kathey Marsden
>            Assignee: Kim Haase
>         Attachments: DERBY-6160-2.diff, DERBY-6160-2.stat, DERBY-6160-2.zip, DERBY-6160.diff,
DERBY-6160.stat, DERBY-6160.zip
>
>
> DERBY-5363 added a new required permission  RuntimePermission "accessUserInformation".
> This should be added to the developer guide information under granting permissions to
Derby.
> https://builds.apache.org/job/Derby-docs/lastSuccessfulBuild/artifact/trunk/out/devguide/cdevbabejgjd.html
> I am not sure of the context under which it is required if it is just needed. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message