You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ch...@apache.org on 2014/01/10 15:24:24 UTC
svn commit: r1557131 - in /db/derby/docs/branches/10.10/src/adminguide:
cadminreplicsecurity.dita tadminnetservbasic.dita tadminnetservcustom.dita
Author: chaase3
Date: Fri Jan 10 14:24:23 2014
New Revision: 1557131
URL: http://svn.apache.org/r1557131
Log:
DERBY-6448 Document new SocketPermission in Network Server policy file
Merged DERBY-6448.diff to 10.10 doc branch from trunk revision 1557129.
Modified:
db/derby/docs/branches/10.10/src/adminguide/cadminreplicsecurity.dita
db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita
db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita
Modified: db/derby/docs/branches/10.10/src/adminguide/cadminreplicsecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/adminguide/cadminreplicsecurity.dita?rev=1557131&r1=1557130&r2=1557131&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/adminguide/cadminreplicsecurity.dita (original)
+++ db/derby/docs/branches/10.10/src/adminguide/cadminreplicsecurity.dita Fri Jan 10 14:24:23 2014
@@ -32,8 +32,9 @@ allow the master-slave network connectio
<codeblock>grant codeBase "${derby.install.url}derby.jar"</codeblock>
<p>Add the following permission to the policy file on the master system:</p>
<codeblock>permission java.net.SocketPermission "<i>slaveHost</i>:<i>slavePort</i>", "connect,resolve";</codeblock>
-<p>Add the following permission to the policy file on the slave system:</p>
-<codeblock>permission java.net.SocketPermission "<i>slaveHost</i>", "accept,resolve";</codeblock>
+<p>Add the following permissions to the policy file on the slave system:</p>
+<codeblock>permission java.net.SocketPermission "<i>slaveHost</i>", "accept,resolve";
+permission java.net.SocketPermission "localhost:<i>slavePort</i>", "listen";</codeblock>
<p><i>slaveHost</i> and <i>slavePort</i> are the values you specify for the
<codeph>slaveHost=<i>hostname</i></codeph> and
<codeph>slavePort=<i>portValue</i></codeph> attributes, which are described in
Modified: db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita?rev=1557131&r1=1557130&r2=1557131&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita (original)
+++ db/derby/docs/branches/10.10/src/adminguide/tadminnetservbasic.dita Fri Jan 10 14:24:23 2014
@@ -153,6 +153,15 @@ grant codeBase "${derby.install.url}derb
//
permission java.net.SocketPermission "*", "accept";
+ // Allow the server to listen to the socket on the default port (1527).
+ // If you have specified another port number with the -p option to
+ // "NetworkServerControl start" on the command line, or with the
+ // portNumber parameter to the NetworkServerControl constructor in the
+ // API, or with the property derby.drda.portNumber, you should change
+ // the port number in the permission statement accordingly.
+ //
+ permission java.net.SocketPermission "localhost:1527", "listen";
+
// Needed for server tracing.
//
permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
Modified: db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita?rev=1557131&r1=1557130&r2=1557131&view=diff
==============================================================================
--- db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita (original)
+++ db/derby/docs/branches/10.10/src/adminguide/tadminnetservcustom.dita Fri Jan 10 14:24:23 2014
@@ -177,7 +177,7 @@ grant codeBase "file:/usr/local/share/sw
// security implications before you open up database connections
// from other hosts.
//
- permission java.net.SocketPermission "localhost:0-", "accept";
+ permission java.net.SocketPermission "localhost:0-", "accept,listen";
// Needed for server tracing.
//