Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-2196

Run standalone network server with security manager by default

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 10.3.1.4
    • Network Server
    • None
    • Release Note Needed
    • Security

    Description

      From an e-mail discussion:
      ... Derby should match the security provided by typical client server systems such as DB2, Oracle, etc. I
      think in this case system/database owners are trusting the database
      system to ensure that their system cannot be attacked. So maybe if Derby
      is booted as a standalone server with no security manager involved, it
      should install one with a default security policy. Thus allowing Derby
      to use Java security manager to manage system privileges but not
      requiring everyone to become familiar with them.

      http://mail-archives.apache.org/mod_mbox/db-derby-dev/200612.mbox/%3c4582FE67.7040308@apache.org%3e

      I imagine such a policy would allow any access to databases under derby.system.home and/or user.home.
      By standalone I mean the network server was started though the main() method (command line).

      Attachments

        1. secureServer.html
          13 kB
          Richard N. Hillegas
        2. secureServer.html
          14 kB
          Richard N. Hillegas
        3. secureServer.html
          15 kB
          Richard N. Hillegas
        4. secureServer.html
          17 kB
          Richard N. Hillegas
        5. secureServer.html
          18 kB
          Richard N. Hillegas
        6. derby-2196-01-print-01.diff
          8 kB
          Richard N. Hillegas
        7. derby-2196-01-print-02.diff
          8 kB
          Richard N. Hillegas
        8. secureServer.html
          21 kB
          Richard N. Hillegas
        9. derby-2196-01-print-03.diff
          4 kB
          Richard N. Hillegas
        10. derby-2196-02-install-01.diff
          25 kB
          Richard N. Hillegas
        11. derby-2196-03-tests-01.diff
          23 kB
          Richard N. Hillegas
        12. derby-2196-10-renameOption-01.diff
          11 kB
          Richard N. Hillegas
        13. secureServer.html
          21 kB
          Richard N. Hillegas
        14. secureServer.html
          23 kB
          Richard N. Hillegas
        15. secureServerReleaseNote.html
          5 kB
          Richard N. Hillegas
        16. secureServer.html
          23 kB
          Richard N. Hillegas
        17. releaseNote.html
          4 kB
          Richard N. Hillegas
        18. releaseNote.html
          4 kB
          Richard N. Hillegas
        19. releaseNote.html
          4 kB
          Richard N. Hillegas
        20. releaseNote.html
          4 kB
          Richard N. Hillegas
        21. secureServer.html
          23 kB
          Richard N. Hillegas
        22. secureServer.html
          23 kB
          Richard N. Hillegas
        23. secureServer.html
          24 kB
          Dag H. Wanvik
        24. secureServer.html
          25 kB
          Dag H. Wanvik

        Issue Links

          incorporates

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-2362 Add checks to ensure security manager installed by network server by default is as expected.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-2372 Document the secure-by-default network server

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-3248 SecureServerTest needs cleanup runServerCommand, possibly causing test failures when tests are run through ant.

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. DERBY-2874 NetworkServer not accepting connections with default security manager on Ipv6 machines

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-2757 Do not require authentication when bringing up a security manager for the network server

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-2963 AccessControlException: Access denied java.net.SocketPermission <client ip> accept,resolve

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Activity

            People

              rhillegas Richard N. Hillegas
              djd Daniel John Debrunner
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: