You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by da...@apache.org on 2007/07/25 20:51:01 UTC

svn commit: r559555 - in /db/derby/code/branches/10.3/java/drda/org/apache/derby/drda: server.policy template.policy

Author: dag
Date: Wed Jul 25 11:50:59 2007
New Revision: 559555

URL: http://svn.apache.org/viewvc?view=rev&rev=559555
Log:
DERBY-2963 Merged from trunk as 
svn merge -r 559435:559436 https://svn.apache.org/repos/asf/db/derby/code/trunk .

Original comment:
DERBY-2963 Extending SocketPermission to all hosts ("*") in the default policy file
to make server start compatible with pre-10.3 versions which allowed any host to connect
if no security manager was used.
Also added comment that user may want to restrict this permission.


Modified:
    db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy

Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=559555&r1=559554&r2=559555
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy Wed Jul 25 11:50:59 2007
@@ -28,6 +28,16 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.security.host}", "accept"; 
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+  permission java.net.SocketPermission "*", "accept"; 
+
 };
 

Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy?view=diff&rev=559555&r1=559554&r2=559555
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy Wed Jul 25 11:50:59 2007
@@ -40,6 +40,16 @@
 //
 // This permission lets the Network Server manage connections from clients.
 //
-  permission java.net.SocketPermission "${derby.security.host}", "accept"; 
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+  permission java.net.SocketPermission "*", "accept"; 
+
 };