You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by da...@apache.org on 2007/07/25 20:51:01 UTC
svn commit: r559555 - in
/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda: server.policy
template.policy
Author: dag
Date: Wed Jul 25 11:50:59 2007
New Revision: 559555
URL: http://svn.apache.org/viewvc?view=rev&rev=559555
Log:
DERBY-2963 Merged from trunk as
svn merge -r 559435:559436 https://svn.apache.org/repos/asf/db/derby/code/trunk .
Original comment:
DERBY-2963 Extending SocketPermission to all hosts ("*") in the default policy file
to make server start compatible with pre-10.3 versions which allowed any host to connect
if no security manager was used.
Also added comment that user may want to restrict this permission.
Modified:
db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy
db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy
Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=559555&r1=559554&r2=559555
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/server.policy Wed Jul 25 11:50:59 2007
@@ -28,6 +28,16 @@
//
// This permission lets the Network Server manage connections from clients.
//
- permission java.net.SocketPermission "${derby.security.host}", "accept";
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+ permission java.net.SocketPermission "*", "accept";
+
};
Modified: db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy?view=diff&rev=559555&r1=559554&r2=559555
==============================================================================
--- db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/branches/10.3/java/drda/org/apache/derby/drda/template.policy Wed Jul 25 11:50:59 2007
@@ -40,6 +40,16 @@
//
// This permission lets the Network Server manage connections from clients.
//
- permission java.net.SocketPermission "${derby.security.host}", "accept";
+
+// Accept connections from any host. Derby is listening to the host
+// interface specified via the -h option to "NetworkServerControl
+// start" on the command line, via the address parameter to the
+// org.apache.derby.drda.NetworkServerControl constructor in the API
+// or via the property derby.drda.host; the default is localhost.
+// You may want to restrict allowed hosts, e.g. to hosts in a specific
+// subdomain, e.g. "*.acme.com".
+
+ permission java.net.SocketPermission "*", "accept";
+
};