You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ch...@apache.org on 2014/06/10 21:04:58 UTC

svn commit: r1601744 - in /db/derby/docs/trunk/src: devguide/rdevdeploy856948.dita ref/rrefstorejarinstall.dita ref/rrefstorejarreplace.dita

Author: chaase3
Date: Tue Jun 10 19:04:58 2014
New Revision: 1601744

URL: http://svn.apache.org/r1601744
Log:
DERBY-6598  Document permissions recommendations for JAR procedures

Modified 2 Reference Manual topics and one Developer's Guide topic.

Patch: DERBY-6598-2.diff

Modified:
    db/derby/docs/trunk/src/devguide/rdevdeploy856948.dita
    db/derby/docs/trunk/src/ref/rrefstorejarinstall.dita
    db/derby/docs/trunk/src/ref/rrefstorejarreplace.dita

Modified: db/derby/docs/trunk/src/devguide/rdevdeploy856948.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevdeploy856948.dita?rev=1601744&r1=1601743&r2=1601744&view=diff
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevdeploy856948.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevdeploy856948.dita Tue Jun 10 19:04:58 2014
@@ -23,4 +23,13 @@ limitations under the License.
 the jar file system procedures and complete syntax.</shortdesc>
 <prolog></prolog>
 <refbody>
+<section>
+<p>Pay particular attention to the sections on execute privileges for the
+<codeph>sqlj.install_jar</codeph> and <codeph>sqlj.replace_jar</codeph>
+procedures. Since these procedures can be used to install arbitrary code
+(possibly from across the network) that runs in the same Java Virtual Machine as
+the <ph conref="../conrefs.dita#prod/productshortname"></ph> database engine,
+both authentication and SQL authorization should be enabled, and execute
+privileges should be granted only to trusted users.</p>
+</section>
 </refbody></reference>

Modified: db/derby/docs/trunk/src/ref/rrefstorejarinstall.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefstorejarinstall.dita?rev=1601744&r1=1601743&r2=1601744&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefstorejarinstall.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefstorejarinstall.dita Tue Jun 10 19:04:58 2014
@@ -35,8 +35,9 @@ file in a database.</shortdesc>
 <dlentry><dt>JAR_FILE_PATH_OR_URL</dt>
 <dd>The path or URL of the jar file to add. A path includes both the directory
 and the file name (unless the file is in the current directory, in which case
-the directory is optional). For example:
+the directory is optional). Two examples:
 <codeblock>d:/todays_build/tours.jar</codeblock>
+<codeblock>http://www.example.com/tours.jar</codeblock>
 </dd>
 </dlentry>
 <dlentry><dt>QUALIFIED_JAR_NAME</dt>
@@ -59,8 +60,12 @@ argument, so it is normally set to 0.</d
 <xref href="rrefattrib26867.dita#rrefattrib26867">database owner</xref> has
 execute privileges on this procedure by default. See "Configuring user
 authentication" and "Configuring user authorization" in the
-<ph conref="../conrefs.dita#pub/citsec"></ph> for more information. The
-database owner can grant access to other users.</p>
+<ph conref="../conrefs.dita#pub/citsec"></ph> for more information.</p>
+<p>The database owner can grant access to other users. Since this procedure can
+be used to install arbitrary code (possibly from across the network) that runs
+in the same Java Virtual Machine as the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> database engine, the
+execute privilege should be granted only to trusted users.</p>
 </section>
 <section><title>SQL examples</title>
 <codeblock><b>-- SQL statement

Modified: db/derby/docs/trunk/src/ref/rrefstorejarreplace.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/ref/rrefstorejarreplace.dita?rev=1601744&r1=1601743&r2=1601744&view=diff
==============================================================================
--- db/derby/docs/trunk/src/ref/rrefstorejarreplace.dita (original)
+++ db/derby/docs/trunk/src/ref/rrefstorejarreplace.dita Tue Jun 10 19:04:58 2014
@@ -52,8 +52,12 @@ MYSCHEMA."Sample2"</codeblock>
 <xref href="rrefattrib26867.dita#rrefattrib26867">database owner</xref> has
 execute privileges on this procedure by default. See "Configuring user
 authentication" and "Configuring user authorization" in the
-<ph conref="../conrefs.dita#pub/citsec"></ph> for more information. The
-database owner can grant access to other users.</p>
+<ph conref="../conrefs.dita#pub/citsec"></ph> for more information.</p>
+<p>The database owner can grant access to other users. Since this procedure can
+be used to install arbitrary code (possibly from across the network) that runs
+in the same Java Virtual Machine as the
+<ph conref="../conrefs.dita#prod/productshortname"></ph> database engine, the
+execute privilege should be granted only to trusted users.</p>
 </section>
 <section><title>SQL example</title>
 <codeblock><b>-- SQL statement</b>