You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by jt...@apache.org on 2006/09/22 01:10:03 UTC
svn commit: r448731 - in /db/derby/docs/trunk/src/devguide:
cdevcsecure10983.dita cdevcsecure21547.dita cdevcsecure864242.dita
cdevresman89722.dita rdevcsecure557.dita rdevexudclass.dita
tdevcsecureunencrypteddb.dita
Author: jta
Date: Thu Sep 21 16:10:02 2006
New Revision: 448731
URL: http://svn.apache.org/viewvc?view=rev&rev=448731
Log:
DERBY-1873 Developer's Guide updates based on 10.2 doc review comments
in the http://wiki.apache.org/db-derby/DeveloperGuideTenTwo Wiki page.
Patch derby1873_2.diff by Laura Stewart <sc...@gmail.com>.
Modified:
db/derby/docs/trunk/src/devguide/cdevcsecure10983.dita
db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita
db/derby/docs/trunk/src/devguide/cdevresman89722.dita
db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
db/derby/docs/trunk/src/devguide/rdevexudclass.dita
db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita
Modified: db/derby/docs/trunk/src/devguide/cdevcsecure10983.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure10983.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure10983.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure10983.dita Thu Sep 21 16:10:02 2006
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-
+
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
"../dtd/concept.dtd">
<!--
@@ -20,21 +20,18 @@
-->
<concept id="cdevcsecure10983" xml:lang="en-us">
<title>Notes on the Derby security features</title>
-<shortdesc>Because <ph conref="devconrefs.dita#prod/productshortname"></ph> does
-not support traditional grant and revoke features, the security model has
-some basic limitations.</shortdesc>
+<shortdesc>The<ph conref="devconrefs.dita#prod/productshortname"></ph> security
+model has some basic limitations.</shortdesc>
<prolog><metadata>
-<keywords><indexterm>Security features<indexterm>limitations of</indexterm></indexterm>
+<keywords><indexterm>security features<indexterm>limitations</indexterm></indexterm>
</keywords>
</metadata></prolog>
<conbody>
-<p>For both embedded and client/server systems, it assumes that users are
-trusted. You must trust your full-access users not to perform undesirable
-actions. You lock out non full-access users with database properties, which
-are stored in the database (and in an encrypted database these properties
-are also encrypted). Note, however, for a distributed/embedded system that
-a sophisticated user with the database encryption key might be able to physically
-change those properties in the database files.</p>
+<p>You lock out non full-access users with database properties, which are
+stored in the database (and in an encrypted database these properties are
+also encrypted). Note, however, for a distributed/embedded system that a sophisticated
+user with the database encryption key might be able to physically change those
+properties in the database files.</p>
<p>In addition, in the <ph conref="devconrefs.dita#prod/productshortname"></ph> system,
it is not necessary to have a specific connection (or permission to access
a particular database) to shut down the system. Any authenticated user can
Modified: db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure21547.dita Thu Sep 21 16:10:02 2006
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-
+
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
"../dtd/concept.dtd">
<!--
@@ -23,8 +23,9 @@
<shortdesc><ph conref="devconrefs.dita#prod/productshortname"></ph> provides
a simple, built-in repository of user names and passwords.</shortdesc>
<prolog><metadata>
-<keywords><indexterm>Users<indexterm>Derby's built-in repository</indexterm></indexterm>
-<indexterm>Passwords</indexterm></keywords>
+<keywords><indexterm>users<indexterm>built-in repository</indexterm></indexterm>
+<indexterm>passwords<indexterm>built-in repository</indexterm></indexterm>
+</keywords>
</metadata></prolog>
<conbody>
<p>To use the built-in repository, set <i>derby.authentication.provider</i> to <i>BUILTIN</i>.
@@ -33,7 +34,7 @@
<codeblock>derby.authentication.provider=BUILTIN</codeblock>
<p>You can create user names and passwords for <ph conref="devconrefs.dita#prod/productshortname"></ph> users
by specifying them with the <i>derby.user.UserName</i> property.</p>
-<note>These user names are case-sensitive for user authorization. User names
+<note>These user names are case-sensitive for user authentication. User names
are <i>SQL92Identifiers</i>. Delimited identifiers are allowed: <codeblock>derby.user."FRed"=java</codeblock></note>
<note>For passwords, it is a good idea not to use words that would be easily
guessed, such as a login name or simple words or numbers. A password should
Modified: db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevcsecure864242.dita Thu Sep 21 16:10:02 2006
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-
+
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
"../dtd/concept.dtd">
<!--
@@ -26,12 +26,14 @@
Typically you would set these at the same level (database or system) for which
you configured the external authentication service.</shortdesc>
<prolog><metadata>
-<keywords><indexterm>JNDI properties for user authorization<indexterm>setting</indexterm></indexterm>
+<keywords><indexterm>JNDI properties<indexterm>setting</indexterm></indexterm>
+<indexterm>user authentication<indexterm>JNDI properties, setting</indexterm></indexterm>
+<indexterm>external authentication<indexterm>JNDI properties, setting</indexterm></indexterm>
</keywords>
</metadata></prolog>
<conbody>
<p>The list of supported properties can be found in Appendix A: JNDI Context
-Environment in the Java Naming and Direction API at <synph><var>http://java.sun.com/products/jndi/reference/api/index.html</var></synph>.
+Environment in the Java Naming and Directory API at <synph><var>http://java.sun.com/products/jndi/reference/api/index.html</var></synph>.
The external directory service must support the property.</p>
<p>Each JNDI provider has its set of properties that you can set within the <ph
conref="devconrefs.dita#prod/productshortname"></ph> system.</p>
Modified: db/derby/docs/trunk/src/devguide/cdevresman89722.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/cdevresman89722.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/cdevresman89722.dita (original)
+++ db/derby/docs/trunk/src/devguide/cdevresman89722.dita Thu Sep 21 16:10:02 2006
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-
+
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
"../dtd/concept.dtd">
<!--
@@ -23,7 +23,11 @@
<shortdesc>Normally, you can simply work with the interfaces for <i>javax.sql.DataSource</i>, <codeph><i>javax.sql.ConnectionPoolDataSource</i></codeph
>, and <codeph><i>javax.sql.XADataSource</i></codeph>, as shown in the following
examples.</shortdesc>
-<prolog></prolog>
+<prolog><metadata>
+<keywords><indexterm>properties<indexterm>DataSource</indexterm></indexterm>
+<indexterm><indexterm>DataSource</indexterm>properties</indexterm><indexterm><indexterm>DataSource</indexterm>getting</indexterm>
+</keywords>
+</metadata></prolog>
<conbody>
<codeblock>
<b>//
@@ -50,14 +54,14 @@
is to be accessed, then one should call <i>setDatabaseName</i>("/local1/db/wombat")
on the data source object. </p></li>
<li><i>CreateDatabase</i> <p>Optional. Sets a property to create a database
-the next time the <i>XADataSource.getXAConection()</i> method is called. The
-string <i>createString</i> is always "create" (or possibly null). (Use the
-method <codeph><i>setDatabaseName()</i></codeph> to define the name of the
-database.)</p></li>
+the next time the <i>getConnection</i> method of a data source object is called.
+The string <i>createString</i> is always "create" (or possibly null). (Use
+the method <codeph><i>setDatabaseName()</i></codeph> to define the name of
+the database.)</p></li>
<li><i>ShutdownDatabase</i> <p>Optional. Sets a property to shut down a
database. The string <i>shutDownString</i> is always "shutdown" (or possibly
-null). Shuts down the database the next time <codeph><i>XADataSource.getXAConnection().getConnection()</i></codeph> method
-is called.</p></li>
+null). Shuts down the database the next time <codeph><i>getConnection</i></codeph> method
+of a data source object is called.</p></li>
<li><i>DataSourceName</i> <p>Optional. Name for ConnectionPooledDataSource
or XADataSource. Not used by the data source object. Used for informational
purpose only. </p></li>
Modified: db/derby/docs/trunk/src/devguide/rdevcsecure557.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevcsecure557.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevcsecure557.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevcsecure557.dita Thu Sep 21 16:10:02 2006
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-
+
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
"../dtd/reference.dtd">
<!--
@@ -19,10 +19,14 @@
limitations under the License.
-->
<reference id="rdevcsecure557" xml:lang="en-us">
-<title>List of user-authentication properties</title>
+<title>List of user authentication properties</title>
<shortdesc>This table summarizes the various properties related to user authentication.</shortdesc>
+<prolog><metadata>
+<keywords><indexterm><indexterm>user authentication</indexterm>properties,
+list of</indexterm></keywords>
+</metadata></prolog>
<refbody>
-<table frame="all" id="cdevcsecure27690"><title>User Authentication Properties</title>
+<table frame="all" id="cdevcsecure27690"><title>User authentication properties</title>
<tgroup cols="2" colsep="1" rowsep="1"><colspec colname="1" colnum="1" colwidth="53*"/>
<colspec colname="2" colnum="2" colwidth="45*"/>
<thead>
@@ -46,19 +50,19 @@
the server.</entry>
</row>
<row>
-<entry colname="1"><i>derby.authentication.ldap.searchAuthDN, derby.authentication.ldap.searchAuthPW, <ph
-conref="devconrefs.dita#prod/productshortname"></ph>.authentication.ldap.searchFilter, </i> and <codeph><i> <ph
-conref="devconrefs.dita#prod/productshortname"></ph>.authentication. ldap.searchBase</i></codeph></entry>
-<entry colname="2">Configures the way DN searches are performed.</entry>
+<entry colname="1"><i>derby.authentication.ldap.searchAuthDN, derby.authentication.ldap.searchAuthPW,
+derby.authentication.ldap.searchFilter,</i> and <i>derby.authentication.ldap.searchBase</i></entry>
+<entry colname="2">Configures the way that DN searches are performed.</entry>
</row>
<row>
<entry colname="1"><i>derby.user.UserName</i></entry>
-<entry colname="2">Creates a user name and password for <ph conref="devconrefs.dita#prod/productshortname"></ph>'s
-built-in user repository.</entry>
+<entry colname="2">Creates a user name and password for the built-in user
+repository in<ph conref="devconrefs.dita#prod/productshortname"></ph>.</entry>
</row>
<row>
<entry colname="1"><i>java.naming.*</i></entry>
-<entry colname="2">JNDI properties. See Appendix A in the JNDI API reference for more information about these.</entry>
+<entry colname="2">JNDI properties. See Appendix A in the JNDI API reference
+for more information about these properties.</entry>
</row>
</tbody>
</tgroup>
Modified: db/derby/docs/trunk/src/devguide/rdevexudclass.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/rdevexudclass.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/rdevexudclass.dita (original)
+++ db/derby/docs/trunk/src/devguide/rdevexudclass.dita Thu Sep 21 16:10:02 2006
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
-
+
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DITA Reference//EN"
"../dtd/reference.dtd">
<!--
@@ -20,8 +20,11 @@
-->
<reference id="rdevexudclass" xml:lang="en-us">
<title>Example of setting a user-defined class</title>
-<shortdesc>A very simple example of a class that implements the <i>org.apache.derby.authentication</i> interface.</shortdesc>
-<prolog></prolog>
+<shortdesc>A very simple example of a class that implements the <i>org.apache.derby.authentication.UserAuthenticator </i> interface.</shortdesc>
+<prolog><metadata>
+<keywords><indexterm>user-defined classes<indexterm>setting</indexterm></indexterm>
+</keywords>
+</metadata></prolog>
<refbody>
<example> <codeblock>import org.apache.derby.authentication.UserAuthenticator;
import java.io.FileInputStream;
@@ -31,7 +34,7 @@
* A simple example of a specialized Authentication scheme.
* The system property 'derby.connection.requireAuthentication'
* must be set
- * to true and 'derby.connection.specificAuthentication' must
+ * to true and 'derby.authentication.provider' must
* contain the full class name of the overriden authentication
* scheme, i.e., the name of this class.
*
Modified: db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita?view=diff&rev=448731&r1=448730&r2=448731
==============================================================================
--- db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita (original)
+++ db/derby/docs/trunk/src/devguide/tdevcsecureunencrypteddb.dita Thu Sep 21 16:10:02 2006
@@ -44,7 +44,7 @@
consuming process because it involves encrypting all of the existing data
in the database. If the process is interrupted before completion, all the
changes are rolled back the next time that the database is booted. If the
-interruption occurs immediately after the database is encryped but before
+interruption occurs immediately after the database is encrypted but before
the connection is returned to the application, you might not be able to boot
the database without the boot password or external encryption key. In these
rare circumstances, you should try to boot the database with the boot password
@@ -54,8 +54,8 @@
disk space is required to store the old version of the data to restore the
database back to it's original state if the encryption is interrupted or returns
errors. All of the temporary disk space is released back to the operating
-system after the database is encrypted.</note><p>To encrypting an existing
-unencrypted database:</p></context>
+system after the database is encrypted.</note><p>To encrypt an existing unencrypted
+database:</p></context>
<steps>
<step><cmd>Specify the <i>dataEncryption=true</i> attribute and either the <i>encryptionKey</i> attribute
or the <i>bootPassword</i> attribute in a URL and boot the database.</cmd>