|
Attaching more of the html output for derby-2372-secure-server-01.
Attaching more html output for patch derby-2372-secure-server-01.
Committed derby-2372-01.diff at subversion revision 515270.
Sorry for the late comments, meant to review this before you got around to committing it, two minor comments:
tadminnetservopen.html: Maybe for the warning here: "You incur a severe security risk by opening up the server to all clients without limiting access via ^user authentication^ and a security policy." ? Since the new requirement is actually that user authentication be configured and enabled, it would be good to mention it here. tadminnetservbasic and tadmincbdjhhfd: For instructions on setting up user authentication, this page points the user to "Derby Security" in the devguide, but tadmincbdjhhfd points the user to "Working with user authentication" in the devguide. Probably would be good to point the users to the same place for consistency. Thanks for the feedback, Andrew. I have addressed your comments in derby-2372-02.diff, which I'm attaching and which I committed at subversion revision 515313..
Re-opening in order to adjust the documentation to reflect the fact that server boot will not fail if authentication is not turned on.
Attaching changes to the Admin Guide which reflect the work of
M src/adminguide/tadmincbdjhhfd.dita M src/adminguide/tadminnetservbasic.dita Committed derby-2372-no-auth-01.diff at subversion revision 545211.
Attaching derby-2372-hostparametername-01.diff and the corresponding html output: tadminnetservbasic.html and tadminnetservcustom.html. This changes the name of the host parameter in the default server policy file, per
Attaching derby-2372-hostparameterspec-01.diff. This adjusts the Admin Guide to reflect the changes introduced by
adminguide/tadminnetservcustom.html adminguide/tadminnetservbasic.html Committed to trunk docs at subversion 553555. Ported to 10.3 docs at subversion revision 553556. Attaching derby-2372-userdir-01.diff. This reflects the permission to read the user.dir property which was added as part of
adminguide/tadminnetservcustom.html adminguide/tadminnetservbasic.html Committed derby-2372-userdir-01.diff to trunk docs at subversion revision 553956. Ported to 10.3 docs at revision 553959.
I assume this can be closed again.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
|
Improvement
Closed
Major
Document the secure-by-default network server
This patch does the following:
1) Adds a page describing the Basic security policy.
2) Adds a page describing how to customize this policy.
3) Adds a page describing how to override the server's impulse to install a security manager.
4) Removes the previous, confusing example policy for network security.
5) Prominently notes that booting the Network Server will, by default, install a security manager and will fail if you have not enabled user authentication.
Touches the following files:
M src/adminguide/derbyadmin.ditamap
A src/adminguide/tadminnetservbasic.dita
M src/adminguide/tadminnetservrun.dita
M src/adminguide/tadmincbdjhhfd.dita
A src/adminguide/tadminnetservopen.dita
A src/adminguide/tadminnetservcustom.dita