db-derby-user mailing list archives

From "Jean T. Anderson" <...@bristowhill.com>
Subject Re: Security in Derby
Date Tue, 20 Feb 2007 18:41:45 GMT
Alexander Trauzzi wrote:
...
> Also, where, when and how do I use this security file?

There's a little walkthrough on this, starting on slides 36-38 of this
presentation:

   http://db.apache.org/derby/binaries/jta-WE15.pdf

hth,

 -jean


> Again, much of the explanation of these things in Derby seems left to the
> Java spec that they conform to - which isn't always the most user friendly.
> 
> - Alex
> 
> On 2/20/07, Rick Hillegas <Richard.Hillegas@sun.com> wrote:
> 
>>
>> Hi Alexander,
>>
>> In terms of using a Java Security Manager, there will be better
>> out-of-the-box support for a secure network server in the next feature
>> release (10.3). That work is tracked by
>> https://issues.apache.org/jira/browse/DERBY-2196. Right now, you can
>> grab a generic policy file from the development codeline at
>> java/drda/org/apache/derby/drda/server.policy. I will mouse that file
>> into my reply. You will need to customize some variables in that file in
>> order to fit it to your particular environment. I hope this helps.
>> Here's the moused-in server policy file:
>>
>> grant codeBase "${derby.install.url}derby.jar"
>> {
>> //
>> // These permissions are needed for everyday, embedded Derby usage.
>> //
>>   permission java.lang.RuntimePermission "createClassLoader";
>>   permission java.util.PropertyPermission "derby.*", "read";
>>   permission java.io.FilePermission "${derby.system.home}","read";
>>   permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
>>
>> //
>> // This permission lets you backup and restore databases
>> // to and from arbitrary locations in your file system.
>> //
>> // This permission also lets you import/export data to and from
>> // arbitrary locations in your file system.
>> //
>> // You may want to restrict this access to specific directories.
>> //
>>   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
>> };
>>
>> grant codeBase "${derby.install.url}derbynet.jar"
>> {
>> //
>> // This permission lets the Network Server manage connections from clients.
>> //
>>   permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
>> };
>>
>> Alexander Trauzzi wrote:
>> > Greetings to all the Derbites in mailing list land.  I have a rather
>> > simple, but potentially complicated question.
>> >
>> > I grabbed a copy of the latest derby-bin distribution.  I ran the
>> > scripts required to run it as a network server, just as a quick little
>> > test in the console.
>> >
>> > The first concern I have is that anyone seems to have the ability to
>> > connect to my server and create databases?
>> > I did a bit of searching with Google and also within the derby site
>> > and came up with all kinds of very complicated and confusing
>> > recommendations to "secure" a server.  Some were in the manual,
>> > referring to authentication, others involved using a Java security
>> > manager.  Neither of which were explained in such a way that I could
>> > easily absorb or put into practical use.  Especially the Java security
>> > manager.
>> >
>> > Is there any resource that is straightforward, concise and simple that
>> > can help me set up a derby network server that authenticates based on
>> > username/password pairs?  I'm talking MySQL-easy (anyone can set up a
>> > MySQL server!).
>> >
>> > Thank you to all who reply...
>> >
>> > - Alexander Trauzzi
>>
>>
> 
> 
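
An added example, not part of the original thread and not one of Derby's own files: the quoted server.policy with the `<<ALL FILES>>` grant narrowed to a single directory, as its comment suggests, and with the way the file is loaded shown in the header comment. The `example.backup.dir` property, the paths under /opt/derby and /srv, and the policy file location are assumptions made for illustration.

```java
// server.policy (Java policy-file syntax). Hardened variant of the quoted file.
//
// The file is read when the JVM that runs the Network Server starts, e.g.:
//
//   java -Djava.security.manager \
//        -Djava.security.policy=/opt/derby/server.policy \
//        -Dderby.install.url=file:/opt/derby/lib/ \
//        -Dderby.system.home=/srv/derby \
//        -Dderby.drda.host=localhost \
//        -Dexample.backup.dir=/srv/derby-backup \
//        -cp /opt/derby/lib/derby.jar:/opt/derby/lib/derbynet.jar \
//        org.apache.derby.drda.NetworkServerControl start -h localhost
//
// All paths above and the example.backup.dir property are assumptions made
// for this example. Each ${...} below expands to the matching -D value.

grant codeBase "${derby.install.url}derby.jar"
{
  // Everyday embedded usage, unchanged from the quoted file.
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.io.FilePermission "${derby.system.home}", "read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";

  // Before (quoted file): the engine may touch any file the OS user can.
  //   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
  //
  // After: backup, restore, import and export only work inside one directory.
  // "dir" covers the directory entry itself; "dir/-" covers everything
  // beneath it, recursively.
  permission java.io.FilePermission "${example.backup.dir}", "read";
  permission java.io.FilePermission "${example.backup.dir}${/}-", "read,write,delete";
};

grant codeBase "${derby.install.url}derbynet.jar"
{
  // Unchanged: accept client connections on the configured host.
  permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
};
```

With the security manager active, a backup or export aimed at a path outside those two directory trees is refused by the JVM's access check instead of being written.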

