db-derby-dev mailing list archives

From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (DERBY-6217) Put all of the security documentation in a single, separate user guide
Date Mon, 31 Mar 2014 20:41:14 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915058#comment-13915058 ]

Kim Haase edited comment on DERBY-6217 at 3/31/14 8:39 PM:
-----------------------------------------------------------

Here is a proposed high-level documentation plan for this guide. I welcome comments.

The Security Guide will provide introductory material from a revised (but as yet unpublished)
version of Rick Hillegas's "Java DB Security" white paper, the previous version of which is
reachable from http://db.apache.org/derby/blogs/index.html.

Much of the substance will consist of rearranged and slightly rewritten versions of the Developer's
Guide section "Configuring Security for Derby". 

In addition, several topics from the Admin Guide will be moved to this manual: the "User authentication
differences" section and the first five sections under "Derby Network Server advanced topics".


The introductory section based on the white paper will include these topics:

Why databases need security
 - Vulnerabilities of unsecured databases
 - Threats to unsecured databases

Defenses against security threats
 - Derby defenses against threats
 - Defenses outside of Derby

Defenses mapped to threats
Designing safer Derby applications

The rearrangement of the Developer's Guide and Admin Guide material will follow the ordering
of the appendixes in the white paper, which proceeds from simple to complex. It will incorporate
material from the white paper and from the guides as appropriate:

Configuring database encryption
Configuring SSL/TLS
Configuring LDAP authentication
Configuring NATIVE authentication
Configuring coarse-grained authorization
Configuring fine-grained authorization
Configuring Java security
Restricting file permissions
Putting it all together
Security terminology


was (Author: chaase3):
Here is a proposed high-level documentation plan for this guide. I welcome comments.

The Security Guide will provide introductory material from a revised (but as yet unpublished)
version of Rick Hillegas's "Java DB Security" white paper, the previous version of which is
reachable from http://db.apache.org/derby/blogs/index.html.

Much of the substance will consist of rearranged and slightly rewritten versions of the Developer's
Guide section "Configuring Security for Derby". 

In addition, several topics from the Admin Guide will be moved to this manual: the "User authentication
differences" section and the first five sections under "Derby Network Server advanced topics".


The introductory section based on the white paper will include these topics:

Why databases need security
 - Vulnerabilities of unsecured databases
 - Threats to unsecured databases

Defenses against security threats
 - Derby defenses against threats
 - Defenses outside of Derby

Defenses mapped to threats
Designing safer Derby applications

The rearrangement of the Developer's Guide and Admin Guide material will follow the ordering
of the appendixes in the white paper, which proceeds from simple to complex. It will incorporate
material from the white paper and from the guides as appropriate:

Configuring database encryption
Configuring SSL/TLS
Configuring LDAP authentication
Configuring NATIVE authentication
Configuring coarse-grained authentication
Configuring fine-grained authentication
Configuring Java security
Restricting file permissions
Putting it all together
Security terminology

> Put all of the security documentation in a single, separate user guide
> ----------------------------------------------------------------------
>
>                 Key: DERBY-6217
>                 URL: https://issues.apache.org/jira/browse/DERBY-6217
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>
> Right now the security documentation is divided among our user guides. This makes it
> hard for customers to understand Derby's defenses and how to configure all relevant security
> mechanisms for an application. As demonstrated by the discussion on DERBY-6160, some security
> mechanisms involve multiple Derby jar files and multiple application tiers. Material for these
> mechanisms is scattered across the existing user guides. It would be less confusing if all
> of Derby's security documentation were separated out into a new Security Guide.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
