Posted to derby-dev@db.apache.org by "Shane Powell (JIRA)" <de...@db.apache.org> on 2006/02/25 01:40:54 UTC

[jira] Created: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.
------------------------------------------------------------------------------------------------------

         Key: DERBY-1054
         URL: http://issues.apache.org/jira/browse/DERBY-1054
     Project: Derby
        Type: Bug
  Components: Network Server  
 Environment: Gentoo & RedHat Linux. 
JDK 1.5.0.  
Tomcat 5.0.28
Derby 10.1
derby.war
    Reporter: Shane Powell


I like the idea of using the NetServlet with the derby.war file inside of tomcat to allow Tomcat to start and stop my derby database. This makes it quite easy for some of our less than technical users. However, the NetServlet.java file appears to have "localhost" hard coded as the startup host. This forced Derby to start listening ONLY on 127.0.0.1. I tried passing the -Dderby.drda.host parameter through the java startup of Tomcat, but it doesn't appear to have any effect. Ideally, the NetServlet.java class should allow for a "host" parameter to be passed in via the web.xml file. That way we can easily control the listening interface.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Re: [jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by Myrna van Lunteren <m....@gmail.com>.
On 4/5/07, Bryan Pendleton <bp...@amberpoint.com> wrote:
> Myrna van Lunteren wrote:
> > I don't think
> > there's much of any warning in or near the servlet re security issues.
>
> This is an excellent point. I think it would be good to add text
> such as the following in two places:
> 1) As XML comments in the web.xml file for the host init-param
> 2) In the NetServlet documentation in the manual.
>
> The text should be something like the following (taken from the
> Network Server page):
>
>       Remember: Before using the -h option, you should run under the
>       Java security manager and enable user authentication.
>
>       By default, the Network Server will listen to requests only on
>       the loopback address, which means that it will only accept
>       connections from the local host.
>
> Do you think that would address the security concern? The default
> for the NetServlet is still "localhost", so it is the same as for
> the other out-of-the-box ways to run the Network Server.
>
> thanks,
>
> bryan
>
>
I think that would be fine.

Myrna

Re: [jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by Bryan Pendleton <bp...@amberpoint.com>.
Myrna van Lunteren wrote:
> I don't think
> there's much of any warning in or near the servlet re security issues.

This is an excellent point. I think it would be good to add text
such as the following in two places:
1) As XML comments in the web.xml file for the host init-param
2) In the NetServlet documentation in the manual.

The text should be something like the following (taken from the
Network Server page):

       Remember: Before using the -h option, you should run under the
       Java security manager and enable user authentication.

       By default, the Network Server will listen to requests only on
       the loopback address, which means that it will only accept
       connections from the local host.

Do you think that would address the security concern? The default
for the NetServlet is still "localhost", so it is the same as for
the other out-of-the-box ways to run the Network Server.

thanks,

bryan




Re: [jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by Myrna van Lunteren <m....@gmail.com>.
On 4/5/07, Bryan Pendleton <bp...@amberpoint.com> wrote:
> Thanks for the comments, Myrna!
>
> > I am also wondering if allowing remote servers to get started - and
> > stopped - would pose a security risk. Unless the app server is started
> > with security manager, I guess.
>
> Do you think that allowing the hostname value to be set in the web.xml
> makes the security risk worse?

Well, currently you can't use the servlet that way...I don't think it
matters much, but (and please correct me if I'm wrong) I don't think
there's much of any warning in or near the servlet re security issues.
>
> > I admit, I always interpreted the servlet more in the line of a demo
> > than a heavy-weight tool.
>
> Yes, I agree. I take your meaning to be that, since NetServlet.java uses
> public APIs of the NetworkServerControl class, anyone who wanted a more
> capable and/or secure implementation could build their own servlet code,
> using the NetServlet.java code as a starting point. Is that what you meant?
>

Yes, that's exactly what I meant.
Of course, interesting improvements would be welcomed...:-)

Myrna

Re: [jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by Bryan Pendleton <bp...@amberpoint.com>.
Thanks for the comments, Myrna!

> I am also wondering if allowing remote servers to get started - and
> stopped - would pose a security risk. Unless the app server is started
> with security manager, I guess.

Do you think that allowing the hostname value to be set in the web.xml
makes the security risk worse?

> I admit, I always interpreted the servlet more in the line of a demo
> than a heavy-weight tool.

Yes, I agree. I take your meaning to be that, since NetServlet.java uses
public APIs of the NetworkServerControl class, anyone who wanted a more
capable and/or secure implementation could build their own servlet code,
using the NetServlet.java code as a starting point. Is that what you meant?

thanks,

bryan



Re: [jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by Myrna van Lunteren <m....@gmail.com>.
On 4/5/07, Bryan Pendleton (JIRA) <ji...@apache.org> wrote:
>
>    [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12486977 ]
>
> Bryan Pendleton commented on DERBY-1054:
> ----------------------------------------
>
> Are there tests in our test suite for NetServlet?
>

I don't think so.
I've tested it manually for 10.1 and 10.2 - i.e. bring up the servlet
in some version of tomcat, check all the options, and ensure it all
looks ok. Also, at some point I have brought it up in a browser set to
a different language (Probably Brazilian/Portuguese, for we had some
changes to the servlet for that language). Finally I have done
accessibility testing on it - listen to the text being read in a
screen reader.

I am also wondering if allowing remote servers to get started - and
stopped - would pose a security risk. Unless the app server is started
with security manager, I guess.

I admit, I always interpreted the servlet more in the line of a demo
than a heavy-weight tool.

Myrna

[jira] Updated: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Pendleton updated DERBY-1054:
-----------------------------------

    Derby Info: [Patch Available]


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Assigned: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Pendleton reassigned DERBY-1054:
--------------------------------------

    Assignee: Bryan Pendleton



[jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12486977 ] 

Bryan Pendleton commented on DERBY-1054:
----------------------------------------

Are there tests in our test suite for NetServlet?



[jira] Updated: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Pendleton updated DERBY-1054:
-----------------------------------

    Attachment: cadminservlet98430.html
                derby_docs_v1.diff
                derby_1054_v2.diff

Attached is a revised version of the code patch proposal, and a docs patch proposal.

derby_1054_v2.diff includes additional information in the web.xml discussing the security considerations of setting the host parameter in the web.xml file. It also corrects the description of the tracingDirectory parameter, which had a copy-and-paste error.

derby_docs_v1.diff contains a modification to the servlet interface doc in the admin guide to document the new host parameter, and to describe the security considerations of that parameter.

cadminservlet98430.html shows the new doc page formatted as HTML, for easy reviewing.

Please let me know your feedback.



[jira] Updated: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Pendleton updated DERBY-1054:
-----------------------------------

    Attachment: derby_1054_v1.diff

This seems like a useful idea. One straightforward way to accomplish
this would be by adding another web.xml "init-param" parameter, similar
to the already existing parameter that allows controlling the port number.

Attached is 'derby_1054_v1.diff', a patch proposal which adds a 'host'
parameter to the web.xml file and enhances NetServlet to use that
parameter, if present, to set the NetworkServer host name parameter.




[jira] Resolved: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Pendleton resolved DERBY-1054.
------------------------------------

       Resolution: Fixed
    Fix Version/s: 10.3.0.0
       Derby Info:   (was: [Patch Available])

Committed the code change to NetServlet and web.xml to
subversion as revision 535910, and committed the
documentation change to the Admin Guide to subversion
as revision 535912.



[jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12486674 ] 

Daniel John Debrunner commented on DERBY-1054:
----------------------------------------------

Just to confirm, the host parameter could only be changed from the server side, right?
I.e., allowing a URL that changed the host would be a security issue.



[jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12486680 ] 

Bryan Pendleton commented on DERBY-1054:
----------------------------------------

Correct. This parameter is only added to the web.xml, and thus requires server-side access.


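The two points settled in this thread, that the host value is readable only from web.xml and that a non-loopback bind should come with a security manager and user authentication, shown together as an added Java example; it is not Derby's NetServlet and not code from the attached patches. The class name `GuardedNetServlet`, the `requireHardening` check and the sample address are hypothetical, and the example assumes authentication is enabled through the `derby.connection.requireAuthentication` system property.

```java
import java.io.PrintWriter;
import java.net.InetAddress;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import org.apache.derby.drda.NetworkServerControl;

/**
 * Added illustration (hypothetical class, not Derby's NetServlet).
 * The bind address comes only from the deployment descriptor, for example
 * (constructed value from the documentation address range):
 *
 *   <init-param>
 *     <param-name>host</param-name>
 *     <param-value>192.0.2.10</param-value>
 *   </init-param>
 */
public class GuardedNetServlet extends HttpServlet {
    private static final String DEFAULT_HOST = "localhost"; // default named in the thread
    private static final int DEFAULT_PORT = 1527;           // Derby's default port

    private transient NetworkServerControl server;

    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        // ServletConfig is populated from web.xml, so changing these values
        // needs server-side access. Request parameters are never consulted.
        String host = orDefault(config.getInitParameter("host"), DEFAULT_HOST);
        String portText = orDefault(config.getInitParameter("portNumber"),
                                    String.valueOf(DEFAULT_PORT));
        try {
            InetAddress bind = InetAddress.getByName(host);
            // Loopback needs no extra checks; 0.0.0.0 and any routable
            // address must pass the hardening checks first.
            if (!bind.isLoopbackAddress()) {
                requireHardening(host);
            }
            server = new NetworkServerControl(bind, Integer.parseInt(portText));
            server.start(new PrintWriter(System.out, true));
        } catch (ServletException e) {
            throw e;
        } catch (Exception e) {
            throw new ServletException("Network Server not started on " + host, e);
        }
    }

    /** Refuses a non-loopback bind unless both conditions from the warning hold. */
    static void requireHardening(String host) throws ServletException {
        // Assumption: authentication is switched on through the JVM system
        // property; a deployment that sets it in derby.properties needs a
        // different check. System.getSecurityManager() is the API of the
        // thread's era and is deprecated in current JDKs.
        boolean authOn = Boolean.getBoolean("derby.connection.requireAuthentication");
        boolean sandboxed = System.getSecurityManager() != null;
        if (!authOn || !sandboxed) {
            throw new ServletException("Refusing to listen on " + host
                + ": securityManager=" + sandboxed + ", requireAuthentication=" + authOn);
        }
    }

    private static String orDefault(String value, String fallback) {
        return (value == null || value.trim().isEmpty()) ? fallback : value.trim();
    }

    @Override
    public void destroy() {
        try {
            if (server != null) {
                server.shutdown();
            }
        } catch (Exception e) {
            log("Network Server shutdown failed", e);
        }
    }
}
```

With no `host` init-param the servlet behaves like the out-of-the-box Network Server and listens on loopback only; with one, startup fails closed until both hardening conditions are met.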

[jira] Commented: (DERBY-1054) Starting Derby with the NetServlet inside of tomcat does not allow binding to non localhost interface.

Posted by "Bryan Pendleton (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-1054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12486554 ] 

Bryan Pendleton commented on DERBY-1054:
----------------------------------------

This doc page would also need to be changed to describe the new init-param:
http://db.apache.org/derby/docs/10.1/adminguide/cadminservlet98430.html
