Return-Path: 
 <derby-dev-return-108150-apmail-db-derby-dev-archive=db.apache.org@db.apache.org>
X-Original-To: apmail-db-derby-dev-archive@www.apache.org
Delivered-To: apmail-db-derby-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 4561810F35
	for <apmail-db-derby-dev-archive@www.apache.org>;
 Thu, 19 Dec 2013 10:52:12 +0000 (UTC)
Received: (qmail 97699 invoked by uid 500); 19 Dec 2013 10:52:11 -0000
Delivered-To: apmail-db-derby-dev-archive@db.apache.org
Received: (qmail 97609 invoked by uid 500); 19 Dec 2013 10:52:10 -0000
Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:derby-dev-help@db.apache.org>
List-Unsubscribe: <mailto:derby-dev-unsubscribe@db.apache.org>
List-Post: <mailto:derby-dev@db.apache.org>
List-Id: <derby-dev.db.apache.org>
Reply-To: <derby-dev@db.apache.org>
Delivered-To: mailing list derby-dev@db.apache.org
Received: (qmail 97590 invoked by uid 99); 19 Dec 2013 10:52:08 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Dec 2013 10:52:08 +0000
Date: Thu, 19 Dec 2013 10:52:08 +0000 (UTC)
From: "Knut Anders Hatlen (JIRA)" <jira@apache.org>
To: derby-dev@db.apache.org
Message-ID: <JIRA.12685558.1387450287978.64422.1387450328227@arcas>
In-Reply-To: <JIRA.12685558.1387450287978@arcas>
References: <JIRA.12685558.1387450287978@arcas>
Subject: [jira] [Created] (DERBY-6438) Explicitly grant SocketPermission
 "listen" in default server policy
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Knut Anders Hatlen created DERBY-6438:
-----------------------------------------

             Summary: Explicitly grant SocketPermission "listen" in default server policy
                 Key: DERBY-6438
                 URL: https://issues.apache.org/jira/browse/DERBY-6438
             Project: Derby
          Issue Type: Improvement
          Components: Network Server
    Affects Versions: 10.11.0.0
            Reporter: Knut Anders Hatlen
            Assignee: Knut Anders Hatlen


The network server needs SocketPermission "listen" on the port that it listens to, but this permission is not granted by the basic server policy that's installed by default. This doesn't cause any problems in most cases, since the JVM's default policy grants all code bases SocketPermission "listen" on a range of ports, and Derby's network server port is within that range.

Still, the network server should not rely on this fact. It is possible to run the network server on any port, not only those ports that happen be in the range that's given carte blanche by the platform's default policy. The network server will however not be able to run on those ports with the basic policy currently, only with a custom policy or with the security manager disabled.

The default policy should make this permission explicit.



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)