db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Kyrmegalos <andrea...@vivodinet.gr>
Subject Re: shutdown fails when basic security policy is active and authentication is ldap based
Date Thu, 05 Jun 2008 21:17:24 GMT
Quoting SocketPermission API:
"The "resolve" action is implied when any of the other actions are 
present. The action "resolve" refers to host/ip name service lookups."

Based on that I didn't include resolve. And as it wasn't necessary in my 
case to perform a lookup, I didn't get a security exception. The 
question that comes to my mind now is what address will derby try to 
reach in order to perform said lookup. Most likely the dns server ips 
declared in the host derby runs. So, such addresses should be included 
in the server.policy file as well.

Anyway, granting "connect, resolve" is a more complete solution.


Myrna van Lunteren wrote:
> I agree with Rick that this should get documented.
> Perhaps, Andreas, you could log this issue as a documentation
> improvement in JIRA?
> Also, I wondered - in some recent testing I found that 'connect'
> permission was not sufficient, I needed "connect, resolve" to the
> ldapServer. Has that been your experience too?
> Regards,
> Myrna

View raw message