db-derby-user mailing list archives

From "Alexander Trauzzi" <atrau...@gmail.com>
Subject Re: Security in Derby
Date Tue, 20 Feb 2007 18:30:41 GMT
Richard,

Thanks!  How does this affect my need for a user based security setup?
Also, where, when and how do I use this security file?

Again, much of the explanation of these things in Derby seems left to the
Java spec that they conform to - which isn't always the most user friendly.

- Alex

On 2/20/07, Rick Hillegas <Richard.Hillegas@sun.com> wrote:
>
> Hi Alexander,
>
> In terms of using a Java Security Manager, there will be better
> out-of-the-box support for a secure network server in the next feature
> release (10.3). That work is tracked by
> https://issues.apache.org/jira/browse/DERBY-2196. Right now, you can
> grab a generic policy file from the development codeline at
> java/drda/org/apache/derby/drda/server.policy. I will mouse that file
> into my reply. You will need to customize some variables in that file in
> order to fit it to your particular environment. I hope this helps.
> Here's the moused-in server policy file:
>
> grant codeBase "${derby.install.url}derby.jar"
> {
> //
> // These permissions are needed for everyday, embedded Derby usage.
> //
>   permission java.lang.RuntimePermission "createClassLoader";
>   permission java.util.PropertyPermission "derby.*", "read";
>   permission java.io.FilePermission "${derby.system.home}","read";
>   permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
>
> //
> // This permission lets you backup and restore databases
> // to and from arbitrary locations in your file system.
> //
> // This permission also lets you import/export data to and from
> // arbitrary locations in your file system.
> //
> // You may want to restrict this access to specific directories.
> //
>   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
> };
>
> grant codeBase "${derby.install.url}derbynet.jar"
> {
> //
> // This permission lets the Network Server manage connections from clients.
> //
>   permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
> };
>
> Alexander Trauzzi wrote:
> > Greetings to all the Derbites in mailing list land.  I have a rather
> > simple, but potentially complicated question.
> >
> > I grabbed a copy of the latest derby-bin distribution.  I ran the
> > scripts required to run it as a network server, just as a quick little
> > test in the console.
> >
> > The first concern I have is that anyone seems to have the ability to
> > connect to my server and create databases?
> > I did a bit of searching with Google and also within the derby site
> > and came up with all kinds of very complicated and confusing
> > recommendations to "secure" a server.  Some were in the manual,
> > referring to authentication, others involved using a Java security
> > manager.  Neither of which were explained in such a way that I could
> > easily absorb or put into practical use.  Especially the Java security
> > manager.
> >
> > Is there any resource that is straightforward, concise and simple that
> > can help me set up a derby network server that authenticates based on
> > username/password pairs?  I'm talking MySQL-easy (anyone can set up a
> > MySQL server!).
> >
> > Thank you to all who reply...
> >
> > - Alexander Trauzzi
>
>


-- 
_________________________________________________

    Alexander Trauzzi
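
An added example, not part of the thread and not Derby's own code: a short Python check over the server policy quoted above that lists the variables the file expects to be defined and reports any `FilePermission` that covers the whole file system, which is the grant the policy's own comment suggests restricting. The helper names (`parse`, `required_properties`, `file_scope`, `broad_file_grants`) are hypothetical, and the embedded policy text is a constructed copy of the quoted file.

```python
import re

# Constructed input: the policy quoted in the thread, comments dropped and
# wrapped lines rejoined. ${...} is expanded from JVM system properties.
POLICY = r'''
grant codeBase "${derby.install.url}derby.jar"
{
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
grant codeBase "${derby.install.url}derbynet.jar"
{
  permission java.net.SocketPermission "${derby.drda.host}:*", "accept";
};
'''

GRANT = re.compile(r'grant\s+codeBase\s+"([^"]*)"\s*\{(.*?)\}\s*;', re.S)
PERM = re.compile(r'permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def parse(policy):
    """Return (codeBase, class, target, actions) for every permission entry."""
    text = re.sub(r'(?m)^\s*//.*$', '', policy)   # drop whole-line // comments
    return [(cb, cls, target, actions)
            for cb, body in GRANT.findall(text)
            for cls, target, actions in PERM.findall(body)]

def required_properties(policy):
    """Names the policy expands; ${/} is the built-in file separator."""
    return sorted(set(re.findall(r'\$\{([^}]+)\}', policy)) - {"/"})

def file_scope(target):
    """Classify a FilePermission target by how much of the file system it covers."""
    if target == "<<ALL FILES>>":
        return "all"
    if target == "-" or target.endswith(("/-", "\\-", "${/}-")):
        return "recursive"
    if target == "*" or target.endswith(("/*", "\\*", "${/}*")):
        return "directory"
    return "single"

def broad_file_grants(policy):
    """FilePermission entries that cover every file, as (codeBase, actions)."""
    return [(cb, actions) for cb, cls, target, actions in parse(policy)
            if cls == "java.io.FilePermission" and file_scope(target) == "all"]

if __name__ == "__main__":
    print("set with -D:", required_properties(POLICY))
    for cb, actions in broad_file_grants(POLICY):
        print("unrestricted file access:", cb, actions)
```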
