Derby
  1. Derby
  2. DERBY-4990

Documentation should state a custom security policy being required to use LDAP in conjunction with network driver

    Details

    • Type: Task Task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.8.1.2
    • Component/s: Documentation
    • Labels:
      None
    • Bug behavior facts:
      Security

      Description

      The documentation is lacking a statement that defining and using a >custom< security manager template is required when wanting to use LDAP authorization provider in conjunction with the network driver client. driver. Otherwise, i.e. just using the default security policy will lead to socket permission errors. Details on which permission exactely needs to be granted to which code base would be very helpful.

      Chapter 'Running Derby under a security manager', section 'granting permissions to Derby' in the Developer's guide seems a good place to mention the permission java.net.SocketPermission as optional, but required to be set when wanting to use LDAP authorization in conjunction with the network client driver and defining the authorisation provider properties as system-level properties.

      Adding this to the documentation and preferrably also providing some more guidance seems desirable as migrating off the builtin user system to LDAP is strongly recommened and the documentation has explicit statements about security risks otherwise incurred.

      I also realized that the template included in the documentation at http://db.apache.org/derby/docs/10.7/adminguide/tadminnetservbasic.html and the default template included in 10.7.1.1 software are no longer in sync.

      1. tadminnetservcustom.html
        7 kB
        Kim Haase
      2. tadminnetservcustom.html
        7 kB
        Kim Haase
      3. DERBY-4990b.diff
        1 kB
        Dag H. Wanvik
      4. DERBY-4990-2.zip
        10 kB
        Kim Haase
      5. DERBY-4990-2.stat
        0.2 kB
        Kim Haase
      6. DERBY-4990-2.diff
        6 kB
        Kim Haase
      7. DERBY-4990.diff
        1 kB
        Kim Haase

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Kim Haase
              Reporter:
              Thomas Hill
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development