Issue Details (XML | Word | Printable)

Key: DERBY-474
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Unassigned
Reporter: Kathey Marsden
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Derby

Improve Network Server security documentation

Created: 27/Jul/05 09:23 PM   Updated: 05/Sep/07 11:27 PM
Return to search
Component/s: Documentation
Affects Version/s: 10.2.1.6
Fix Version/s: None

Time Tracking:
Not Specified

Issue Links:
Reference
 

Resolution Date: 05/Sep/07 11:27 PM


 Description  « Hide
The network server security documentation should document security manager permissions needed separate from the example policy file.

The example policy file should separate permissions by jar file.

There should not be examples of starting network server with the -h 0.0.0.0 option without using security manager.

Risks of running outside of security manager and without user authentication should be documented.

Discussion should be included about client encrypted user id password and associated limitations.

The section should mention that there is no data stream encryption with network server.

http://incubator.apache.org/derby/docs/adminguide/tadminnetservrun.html

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Kathey Marsden added a comment - 10/Sep/05 01:45 AM
Documentation should also be updated to have an appropriate warning about using the bootPassword attribute from a client. .

Currently with Network Client embeded attributes are sent as clear text to the server even when encrypted user id and password are specified as the security mechanism.

[ Permlink | « Hide ]
Laura Stewart added a comment - 04/Sep/07 08:26 PM
Kathey - It seems that some (if not all) of these issues have been addressed.
If that is true, can you please close this issue? If not, please let me know what else needs to be addressed.

[ Permlink | « Hide ]
Kathey Marsden added a comment - 05/Sep/07 11:27 PM
I think these issues have already been addressed through documentation and product changes.
Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators