db-derby-user mailing list archives

From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Security in Derby
Date Tue, 20 Feb 2007 18:06:30 GMT
Hi Alexander,

In terms of using a Java Security Manager, there will be better 
out-of-the-box support for a secure network server in the next feature 
release (10.3). That work is tracked by 
https://issues.apache.org/jira/browse/DERBY-2196. Right now, you can 
grab a generic policy file from the development codeline at 
java/drda/org/apache/derby/drda/server.policy. I will mouse that file 
into my reply. You will need to customize some variables in that file in 
order to fit it to your particular environment. I hope this helps. 
Here's the moused-in server policy file:

grant codeBase "${derby.install.url}derby.jar"
{
// These permissions are needed for everyday, embedded Derby usage.
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", 

// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
// You may want to restrict this access to specific directories.
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};

grant codeBase "${derby.install.url}derbynet.jar"
{
// This permission lets the Network Server manage connections from clients.
  permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
};

Alexander Trauzzi wrote:
> Greetings to all the Derbites in mailing list land.  I have a rather 
> simple, but potentially complicated question.
> I grabbed a copy of the latest derby-bin distribution.  I ran the 
> scripts required to run it as a network server, just as a quick little 
> test in the console.
> The first concern I have is that anyone seems to have the ability to 
> connect to my server and create databases?
> I did a bit of searching with Google and also within the derby site 
> and came up with all kinds of very complicated and confusing 
> recommendations to "secure" a server.  Some were in the manual, 
> referring to authentication, others involved using a Java security 
> manager.  Neither of which were explained in such a way that I could 
> easily absorb or put into practical use.  Especially the Java security 
> manager.
> Is there any resource that is straightforward, concise and simple that 
> can help me set up a derby network server that authenticates based on 
> username/password pairs?  I'm talking MySQL-easy (anyone can set up a 
> MySQL server!).
> Thank you to all who reply...
> - Alexander Trauzzi
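
Added example, not part of either message and not Derby project code: a small Python check over a policy file of the kind pasted above, reporting grants that are broader than a confined server needs, such as the <<ALL FILES>> permission that the file's own comment suggests restricting. The sample policy text and the function names are constructed for illustration.

```python
import re

# Constructed input based on the grants in the reply above (trimmed; the
# FilePermission line that is cut off in the mail is left out).
SAMPLE_POLICY = r'''
grant codeBase "${derby.install.url}derby.jar"
{
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.io.FilePermission "${derby.system.home}","read";
  // backup/restore and import/export
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
grant codeBase "${derby.install.url}derbynet.jar"
{
  permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
};
'''

# Quoted strings are matched as units so "${...}" inside them is not taken for a block brace.
GRANT = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{((?:[^}"]|"[^"]*")*)\}\s*;')
CODEBASE = re.compile(r'codeBase\s+"([^"]*)"')
PERM = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?')

def parse_policy(text):
    """Return [(codebase or None, [(class, target, actions), ...]), ...]."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # block comments
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)   # whole-line comments
    grants = []
    for header, body in GRANT.findall(text):
        cb = CODEBASE.search(header)
        grants.append((cb.group(1) if cb else None, PERM.findall(body)))
    return grants

def audit(text):
    """Return (codebase, finding) pairs for grants broader than a confined server needs."""
    findings = []
    for codebase, perms in parse_policy(text):
        who = codebase or "<all code>"
        if codebase is None and perms:
            findings.append((who, "grant has no codeBase, so it applies to every class loaded"))
        for cls, target, actions in perms:
            if cls == "java.security.AllPermission":
                findings.append((who, "AllPermission disables the sandbox for this code"))
            elif cls == "java.io.FilePermission" and target == "<<ALL FILES>>":
                findings.append((who, f"FilePermission on <<ALL FILES>> with '{actions}'"))
    return findings

if __name__ == "__main__":
    for who, finding in audit(SAMPLE_POLICY):
        print(f"{who}: {finding}")
```

Replacing the <<ALL FILES>> target with a specific backup directory clears the finding, which is the restriction the policy comment recommends.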
