db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-6438) Explicitly grant SocketPermission "listen" in default server policy
Date Wed, 22 Jan 2014 13:45:19 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas updated DERBY-6438:

    Attachment: 1010_server.policy

Attaching an updated version of the 1010_server.policy. I have confirmed that the old version
flunks the server boot on JDK 7 and higher as reported on this derby-user thread: http://apache-database.10148.n7.nabble.com/Network-Server-Access-Permissions-and-Java-1-7-0-51-td136583.html.
The old version was missing a permissions block which is needed for managing extra file access
controls on JDK 7 and higher. With the new policy file, I am able to boot the server and create
an in-memory database using Java 1.8.0-ea-b121.

> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For:,,,,,,
>         Attachments: 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html,
> The network server needs SocketPermission "listen" on the port that it listens to, but
this permission is not granted by the basic server policy that's installed by default. This
doesn't cause any problems in most cases, since the JVM's default policy grants all code bases
SocketPermission "listen" on a range of ports, and Derby's network server port is within that
> Still, the network server should not rely on this fact. It is possible to run the network
server on any port, not only those ports that happen be in the range that's given carte blanche
by the platform's default policy. The network server will however not be able to run on those
ports with the basic policy currently, only with a custom policy or with the security manager
> The default policy should make this permission explicit.

This message was sent by Atlassian JIRA

View raw message