db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Security in Derby
Date Tue, 20 Feb 2007 18:58:30 GMT
Hi Alexander,

User authentication is discussed in the Derby Developer's Guide, in a 
section called "Derby and Security".

Hope this helps,
-Rick

Alexander Trauzzi wrote:
> Awesome, I'm glad I can collect all these hidden links, but the issue 
> of per user authentication, similar to what MySQL and other databases 
> offer is still blocking me.
>
> I guess over a bit of time someone reading this mailing list will 
> notice this one last question.
>
> I'm happy to see that everyone is doing things to make the network DB 
> usable out of the box.  Certainly a proactive approach to knocking 
> down barriers to entry will help people like me get further along.
>
> - Alex
>
> On 2/20/07, *Jean T. Anderson* <jta@bristowhill.com 
> <mailto:jta@bristowhill.com>> wrote:
>
>     Alexander Trauzzi wrote:
>     ...
>     > Also, where, when and how do I use this security file?
>
>     there's a little walk through on this starting on slides 36-38 of this
>     presentation:
>
>        http://db.apache.org/derby/binaries/jta-WE15.pdf
>
>     hth,
>
>     -jean
>
>
>     > Again, much of the explanation of these things in Derby seems
>     left to the
>     > Java spec that they conform to - which isn't always the most
>     user friendly.
>     >
>     > - Alex
>     >
>     > On 2/20/07, Rick Hillegas <Richard.Hillegas@sun.com
>     <mailto:Richard.Hillegas@sun.com>> wrote:
>     >
>     >>
>     >> Hi Alexander,
>     >>
>     >> In terms of using a Java Security Manager, there will be better
>     >> out-of-the-box support for a secure network server in the next
>     feature
>     >> release (10.3). That work is tracked by
>     >> https://issues.apache.org/jira/browse/DERBY-2196
>     <https://issues.apache.org/jira/browse/DERBY-2196>. Right now, you can
>     >> grab a generic policy file from the development codeline at
>     >> java/drda/org/apache/derby/drda/server.policy. I will mouse
>     that file
>     >> into my reply. You will need to customize some variables in
>     that file in
>     >> order to fit it  to your particular environment. I hope this helps.
>     >> Here's the moused-in server policy file:
>     >>
>     >> grant codeBase "${derby.install.url}derby.jar"
>     >> {
>     >> //
>     >> // These permissions are needed for everyday, embedded Derby usage.
>     >> //
>     >>   permission java.lang.RuntimePermission "createClassLoader";
>     >>   permission java.util.PropertyPermission "derby.*", "read";
>     >>   permission java.io.FilePermission "${derby.system.home}","read";
>     >>   permission java.io.FilePermission "${ derby.system.home}${/}-",
>     >> "read,write,delete";
>     >>
>     >> //
>     >> // This permission lets you backup and restore databases
>     >> // to and from arbitrary locations in your file system.
>     >> //
>     >> // This permission also lets you import/export data to and from
>     >> // arbitrary locations in your file system.
>     >> //
>     >> // You may want to restrict this access to specific directories.
>     >> //
>     >>   permission java.io.FilePermission "<<ALL FILES>>",
>     "read,write,delete";
>     >> };
>     >>
>     >> grant codeBase "${derby.install.url}derbynet.jar"
>     >> {
>     >> //
>     >> // This permission lets the Network Server manage connections from
>     >> clients.
>     >> //
>     >>   permission java.net.SocketPermission "${derby.drda.host}:*",
>     "accept";
>     >> };
>     >>
>     >> Alexander Trauzzi wrote:
>     >> > Greetings to all the Derbites in mailing list land.  I have a
>     rather
>     >> > simple, but potentially complicated question.
>     >> >
>     >> > I grabbed a copy of the latest derby-bin distribution.  I ran the
>     >> > scripts required to run it as a network server, just as a
>     quick little
>     >> > test in the console.
>     >> >
>     >> > The first concern I have is that anyone seems to have the
>     ability to
>     >> > connect to my server and create databases?
>     >> > I did a bit of searching with Google and also within the
>     derby site
>     >> > and came up with all kinds of very complicated and confusing
>     >> > recommendations to "secure" a server.  Some were in the manual,
>     >> > referring to authentication, others involved using a Java
>     security
>     >> > manager.  Neither of which were explained in such a way that
>     I could
>     >> > easily absorb or put into practical use.  Especially the Java
>     security
>     >> > manager.
>     >> >
>     >> > Is there any resource that is straightforward, concise and
>     simple that
>     >> > can help me set up a derby network server that authenticates
>     based on
>     >> > username/password pairs?  I'm talking MySQL-easy (anyone can
>     set up a
>     >> > MySQL server!).
>     >> >
>     >> > Thank you to all who reply...
>     >> >
>     >> > - Alexander Trauzzi
>     >>
>     >>
>     >
>     >
>
>
>
>
> -- 
> _________________________________________________
>
>     Alexander Trauzzi 


Mime
View raw message