Posted to derby-commits@db.apache.org by ch...@apache.org on 2014/06/03 22:41:03 UTC

svn commit: r1599789 - /db/derby/docs/trunk/src/adminguide/

Author: chaase3
Date: Tue Jun  3 20:41:03 2014
New Revision: 1599789

URL: http://svn.apache.org/r1599789
Log:
DERBY-6217  Put all of the security documentation in a single, separate user guide

Modified 10 Admin Guide topics and map file; removed 17 topics.

Patches: DERBY-6217-admin.diff

Removed:
    db/derby/docs/trunk/src/adminguide/cadminapps49914.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811631.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811656.dita
    db/derby/docs/trunk/src/adminguide/cadminapps811695.dita
    db/derby/docs/trunk/src/adminguide/cadminappsclientsecurity.dita
    db/derby/docs/trunk/src/adminguide/cadminnetservfileperms.dita
    db/derby/docs/trunk/src/adminguide/cadminnetservsecurity.dita
    db/derby/docs/trunk/src/adminguide/cadminssl.dita
    db/derby/docs/trunk/src/adminguide/cadminssladmin.dita
    db/derby/docs/trunk/src/adminguide/cadminsslclient.dita
    db/derby/docs/trunk/src/adminguide/cadminsslkeys.dita
    db/derby/docs/trunk/src/adminguide/cadminsslserver.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservbasic.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservcustom.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservopen.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservrun.dita
    db/derby/docs/trunk/src/adminguide/tadminnetservusrauth.dita
Modified:
    db/derby/docs/trunk/src/adminguide/cadminapps.dita
    db/derby/docs/trunk/src/adminguide/cadminappsclient.dita
    db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita
    db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita
    db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
    db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita
    db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita
    db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita
    db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita
    db/derby/docs/trunk/src/adminguide/tadminadv804410.dita
    db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita

Modified: db/derby/docs/trunk/src/adminguide/cadminapps.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminapps.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminapps.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminapps.dita Tue Jun  3 20:41:03 2014
@@ -28,6 +28,9 @@ using the Network Server.</shortdesc>
 <keywords><indexterm>Network Server<indexterm>Differences with embedded driver</indexterm></indexterm></keywords>
 </metadata></prolog>
 <conbody>
+<p>See "Configuring Network Server authentication in special circumstances" in
+the <ph conref="../conrefs.dita#pub/citsec"></ph> for information about
+authentication that is specific to the Network Server.</p>
 <note>There may be undocumented differences that have not yet been
 identified.</note>
 </conbody>
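
Review bot: The added paragraph hard-codes the target topic title as quoted text ("Configuring Network Server authentication in special circumstances") while the guide name comes from a conref, so a later retitle in the security guide will leave this pointer stale with no build error. If cross-guide xrefs are not available in this doc set, consider keeping the quoted titles in conrefs.dita next to pub/citsec so they are maintained in one place.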

Modified: db/derby/docs/trunk/src/adminguide/cadminappsclient.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminappsclient.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminappsclient.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminappsclient.dita Tue Jun  3 20:41:03 2014
@@ -27,6 +27,9 @@ authentication.</shortdesc>
 <keywords><indexterm>Network client driver</indexterm></keywords>
 </metadata></prolog>
 <conbody>
+<p>See "Configuring user authentication" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about configuring
+Network Server authentication.</p>
 <p>The driver that you need to access the Network Server is:
 <codeblock>org.apache.derby.jdbc.ClientDriver</codeblock></p>
 <p>The syntax of the URL that is required to access the Network Server is:
@@ -194,8 +197,9 @@ append to the existing trace file.</entr
 <row>
 <entry colname="col1"><codeph>securityMechanism</codeph></entry>
 <entry colname="col2"><codeph>Integer</codeph></entry>
-<entry colname="col3">The security mechanism. See
-<xref href="cadminappsclientsecurity.dita#cadminappsclientsecurity"></xref>.</entry>
+<entry colname="col3">The security mechanism. See "Configuring Network Client
+authentication without SSL/TLS" in the 
+<ph conref="../conrefs.dita#pub/citsec"></ph>.</entry>
 <entry colname="COLSPEC1"><codeph>securityMechanism</codeph></entry>
 <entry colname="col4">The default is <codeph>USER_ONLY_SECURITY</codeph>.</entry>
 </row>
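
Review bot: In the securityMechanism row, the description now sends the reader to a different guide, yet the row still gives the default only as the constant name USER_ONLY_SECURITY, so a reader of this table can no longer find out from within the Admin Guide what that default does or does not protect. Consider adding a short phrase describing the default mechanism next to the pointer. The added line ending in `in the ` also carries trailing whitespace.
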
@@ -213,8 +217,8 @@ work.</entry>
 <row>
 <entry colname="col1"><codeph>ssl</codeph></entry>
 <entry colname="col2"><codeph>String</codeph></entry>
-<entry colname="col3">The SSL mode for the client connection. See
-<xref href="cadminssl.dita#cadminssl"></xref>.</entry>
+<entry colname="col3">The SSL mode for the client connection. See "Configuring
+SSL/TLS" in the <ph conref="../conrefs.dita#pub/citsec"></ph>.</entry>
 <entry colname="COLSPEC1"><codeph>ssl</codeph></entry>
 <entry colname="col4">The default is <codeph>off</codeph>.</entry>
 </row>

Modified: db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminreplicsecurity.dita Tue Jun  3 20:41:03 2014
@@ -39,8 +39,9 @@ permission java.net.SocketPermission "lo
 <codeph>slaveHost=<i>hostname</i></codeph> and
 <codeph>slavePort=<i>portValue</i></codeph> attributes, which are described in
 the <ph conref="../conrefs.dita#pub/citref"></ph>.</p>
-<p>See <xref href="tadminnetservbasic.dita#tadminnetservbasic"></xref> for
-details on the security policy file.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for details on the security policy
+file.</p>
 <p>Depending on the security mode
 <ph conref="../conrefs.dita#prod/productshortname"></ph> is running under, the
 measures described in the following table are enforced when you specify the
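
Review bot: The removed xref pointed at a single topic (tadminnetservbasic.dita), and the replacement points at a whole section, "Configuring Java security", for "details on the security policy file". This topic discusses a java.net.SocketPermission grant, so name the specific topic within that section that holds the basic policy, so the reader does not have to search the section for it.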

Modified: db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita (original)
+++ db/derby/docs/trunk/src/adminguide/cadminservlet98430.dita Tue Jun  3 20:41:03 2014
@@ -60,9 +60,9 @@ initialized.</dd>
 <dd>Specifies the location for trace files. If the tracing directory is not
 specified, the traces are placed in <codeph>derby.system.home</codeph>.</dd>
 </dlentry></dl>
-<section><title>Security Considerations</title>
-<p>For general security considerations for the Network Server, see
-<xref href="cadminnetservsecurity.dita"></xref>.</p>
+<section><title>Security considerations</title>
+<p>For general security considerations for the Network Server, see the
+<ph conref="../conrefs.dita#pub/citsec"></ph>.</p>
 <p>The <codeph>host</codeph> parameter allows configuration of the host name
 that will be used for the listening socket for network connections. By default,
 the Network Server will listen to requests only on the loopback address, which
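
Review bot: The new sentence under "Security considerations" names only the guide and no section, unlike the other references in this commit, which quote a section title. The removed xref targeted cadminnetservsecurity.dita (nav title "Network Server security" in the map), so quote the section of the security guide that replaces it; the pointer matters here because the next paragraph covers the host parameter and the listening address.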

Modified: db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap (original)
+++ db/derby/docs/trunk/src/adminguide/derbyadmin.ditamap Tue Jun  3 20:41:03 2014
@@ -215,8 +215,6 @@ method"></topicref>
 </topicref>
 </topicref>
 <topicref collection-type="family" href="cadminappsclient.dita" navtitle="Accessing the Network Server by using the network client driver">
-<topicref href="cadminappsclientsecurity.dita" navtitle="Network client security">
-</topicref>
 <topicref href="cadminappsclienttracing.dita" navtitle="Network client tracing">
 </topicref>
 <topicref href="radminappsclientxmp.dita" navtitle="Network client driver examples">
@@ -242,14 +240,6 @@ Server">
 </topicref>
 <topicref href="radminappsresultsetdiffs.dita" navtitle="Updatable Result Sets">
 </topicref>
-<topicref collection-type="family" href="cadminapps49914.dita" navtitle="User authentication differences">
-<topicref href="cadminapps811631.dita" navtitle="Network Server user authentication when user authentication is on in Derby">
-</topicref>
-<topicref href="cadminapps811656.dita" navtitle="Network Server user authentication when user authentication is off
-in Derby"></topicref>
-<topicref href="cadminapps811695.dita" navtitle="Enabling the encrypted user ID and password security mechanism">
-</topicref>
-</topicref>
 <topicref href="cadminappsjdbcdiffs.dita" navtitle="Differences in JDBC methods">
 </topicref>
 <topicref href="cadminappsdiffsreadonly.dita" navtitle="Differences using the Connection.setReadOnly method">
@@ -316,22 +306,6 @@ navtitle="Setting Network Server propert
 </topicref>
 </topicref>
 <topicref collection-type="family" href="cadminadvtops.dita" navtitle="Derby Network Server advanced topics">
-<topicref href="cadminnetservsecurity.dita" navtitle="Network Server security">
-</topicref>
-<topicref href="cadminnetservfileperms.dita" navtitle="Controlling database file access">
-</topicref>
-<topicref collection-type="family" href="tadminnetservrun.dita" navtitle="Running the Network Server under the security manager">
-<topicref href="tadminnetservbasic.dita" navtitle="Basic Network Server security policy"></topicref>
-<topicref href="tadminnetservcustom.dita" navtitle="Customizing the Network Server's security policy"></topicref>
-<topicref href="tadminnetservopen.dita" navtitle="Running the Network Server without a security policy"></topicref>
-</topicref>
-<topicref href="tadminnetservusrauth.dita" navtitle="Running the Network Server with user authentication"></topicref>
-<topicref collection-type="family" href="cadminssl.dita" navtitle="Network encryption and authentication with SSL/TLS">
-<topicref href="cadminsslkeys.dita" navtitle="Key and certificate handling"></topicref>
-<topicref href="cadminsslserver.dita" navtitle="Starting the server with SSL/TLS"></topicref>
-<topicref href="cadminsslclient.dita" navtitle="Running the client with SSL/TLS"></topicref>
-<topicref href="cadminssladmin.dita" navtitle="Other server commands"></topicref>
-</topicref>
 <topicref href="tadminconfiguringthenetworkserver.dita" navtitle="Configuring the Network Server to handle connections">
 </topicref>
 <topicref href="tadminlogfile.dita" navtitle="Controlling logging by using the log file">
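
Review bot: This hunk and the two before it drop 17 topicrefs from the map, matching the 17 files listed as removed, but the diff only shows xref updates in the topics touched by this commit. Before building, search the whole docs tree (other guides included) for href values naming the removed files, for example cadminssl.dita or tadminnetservcustom.dita, since a leftover xref to a deleted topic will dangle.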

Modified: db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminconfigdb2jdrdatracedirectory.dita Tue Jun  3 20:41:03 2014
@@ -34,8 +34,9 @@ directory created, the policy must allow
 <codeblock>permission java.io.FilePermission "<i>directory</i>", "read,write";</codeblock>
 <p>and for the trace directory itself, the policy must allow</p>
 <codeblock>permission java.io.FilePermission "<i>tracedirectory</i>${/}-", "write";</codeblock>
-<p>See <xref href="tadminnetservcustom.dita#tadminnetservcustom"></xref> for
-information about customizing the Network Server's security policy.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about customizing
+the Network Server's security policy.</p>
 </section>
 <refsyn><title>Syntax</title>
 <codeblock>derby.drda.traceDirectory=<i>traceFileDirectory</i></codeblock>

Modified: db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminjmxdisable.dita Tue Jun  3 20:41:03 2014
@@ -37,8 +37,7 @@ completely.</p>
 <p>The second technique is to run the Network Server with a custom security
 policy that does not grant <codeph>derby.jar</codeph> the permissions needed to
 register MBeans. For example, you can modify the Network Server's basic policy
-(see <xref href="tadminnetservbasic.dita#tadminnetservbasic"></xref>) by
-commenting out this section:</p>
+by commenting out this section:</p>
 <codeblock>// Allows access to <ph conref="../conrefs.dita#prod/productshortname"></ph>'s built-in MBeans, within the domain
 // org.apache.derby.
 // <ph conref="../conrefs.dita#prod/productshortname"></ph> must be allowed to register and unregister these MBeans.
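
Review bot: After this change the sentence "you can modify the Network Server's basic policy by commenting out this section" no longer tells the reader where the basic policy is found, because the inline xref to tadminnetservbasic.dita is removed with no replacement at this spot. Add the security guide pointer here, or name the topic that lists the basic policy, since this is the step where the reader needs the file.
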
@@ -54,6 +53,9 @@ permission javax.management.MBeanPermiss
 <codeph>derby.jar</codeph>,
 <ph conref="../conrefs.dita#prod/productshortname"></ph> will silently skip
 starting the management service at boot time.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about customizing
+the Network Server's security policy.</p>
 </section>
 </refbody>
 </reference>

Modified: db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepolicy.dita Tue Jun  3 20:41:03 2014
@@ -51,8 +51,9 @@ the permissions you may need to set to a
 This recommendation also applies if you are running
 <ph conref="../conrefs.dita#prod/productshortname"></ph> embedded with a
 security manager installed.</p>
-<p>See <xref href="tadminnetservrun.dita#tadminnetservrun"></xref> for more
-information about security policy files.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for more information about
+security policy files.</p>
 <p>Some example permissions are included in the following code. These
 permissions are not necessarily suitable for any particular application or
 environment; some customization is probably needed. Only permissions relating to the

Modified: db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita (original)
+++ db/derby/docs/trunk/src/adminguide/radminjmxenablepwdssl.dita Tue Jun  3 20:41:03 2014
@@ -67,10 +67,9 @@ details.</note></p>
 <p>In the example above, system properties specify the keystore containing the
 server's key pair, the keystore password, the truststore containing the client
 certificates, and the truststore password. Setting up SSL keystores and
-truststores is partly described in
-<xref href="cadminsslkeys.dita#cadminsslkeys"></xref>. Other topics in the
-section <xref href="cadminssl.dita#cadminssl"></xref> provide information on
-protecting database network traffic using SSL.</p>
+truststores is described in the section "Configuring SSL/TLS" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph>, along with more information
+on protecting database network traffic using SSL.</p>
 <p>When you configure SSL as described above, the following requirements
 apply:</p>
 <ul>
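
Review bot: The old wording said keystore and truststore setup is "partly described" in the referenced topic, and the new wording says it "is described" in "Configuring SSL/TLS". Unless the moved content was expanded, keep the qualifier so readers do not assume that section is a complete guide to key and certificate handling. The sentence also still ends with "using SSL" while the quoted section title says "SSL/TLS"; align the two.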

Modified: db/derby/docs/trunk/src/adminguide/tadminadv804410.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadminadv804410.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadminadv804410.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadminadv804410.dita Tue Jun  3 20:41:03 2014
@@ -58,8 +58,9 @@ directory created, the policy must allow
 <codeblock>permission java.io.FilePermission "<i>directory</i>", "read,write";</codeblock>
 <p>For the trace directory itself, the policy must allow</p>
 <codeblock>permission java.io.FilePermission "<i>tracedirectory</i>${/}-", "write";</codeblock>
-<p>See <xref href="tadminnetservcustom.dita#tadminnetservcustom"></xref> for
-information about customizing the Network Server's security policy.</p>
+<p>See "Configuring Java security" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph> for information about customizing
+the Network Server's security policy.</p>
 </stepxmp>
 </step>
 </steps>
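
Review bot: The three added lines here are word for word the same paragraph that this commit adds in radminconfigdb2jdrdatracedirectory.dita and radminjmxdisable.dita. Put the sentence in conrefs.dita and pull it in by conref, as is already done for the guide name, so that a change to the section title needs one edit rather than three.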

Modified: db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita?rev=1599789&r1=1599788&r2=1599789&view=diff
==============================================================================
--- db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita (original)
+++ db/derby/docs/trunk/src/adminguide/tadmincbdjhhfd.dita Tue Jun  3 20:41:03 2014
@@ -32,21 +32,21 @@ such as blocked ports on the server.</no
 <example>
 <p>
 You are strongly urged to enable user authentication and user authorization when
-you run a Network Server. For details on how to configure user authentication,
-see "Working with user authentication" in the
-<ph conref="../conrefs.dita#pub/citdevelop"></ph>. For information on user
-authorization, see "Users and authorization identifiers" and "User
-authorizations" in the <ph conref="../conrefs.dita#pub/citdevelop"></ph>. You
+you run a Network Server. For details on how to configure user authentication
+and authorization,
+see "Configuring user authentication" and "Configuring user authorization" in
+the <ph conref="../conrefs.dita#pub/citsec"></ph>. You
 are also urged to install a Java security manager with a customized security
-policy. For details on how to do this, see
-<xref href="tadminnetservcustom.dita#tadminnetservcustom"></xref>.</p>
+policy. For details on how to do this, see "Configuring Java security," also in
+the <ph conref="../conrefs.dita#pub/citsec"></ph>.</p>
 <p>If you are running Java SE 7 or later, and if you start the
 <ph conref="../conrefs.dita#prod/productshortname"></ph> Network Server from the
 command line as described here, access to databases and to other
 <ph conref="../conrefs.dita#prod/productshortname"></ph> files is by default
 restricted to the operating system account that started the Network Server. It
 is possible to override this default behavior. For more information, see
-<xref href="cadminnetservfileperms.dita#cadminnetservfileperms"></xref>.</p>
+"Restricting file permissions" in the
+<ph conref="../conrefs.dita#pub/citsec"></ph>.</p>
 <p>You can start the Network Server in any of the following ways:</p>
 <ul>
 <li><p>If you are relatively new to the Java programming language, follow the
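
Review bot: In the first paragraph, `"Configuring Java security," also in` puts the comma inside the closing quotation mark, while no other quoted title in this commit has punctuation inside the quotes. Since the quoted string is meant to match a topic title exactly, move the comma outside the quotes.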