Posted to derby-commits@db.apache.org by bp...@apache.org on 2018/03/12 02:54:39 UTC

svn commit: r1826488 - in /db/derby/docs/branches/10.14/src/security: csecjavasecurity.dita rsecnetservbasic.dita tsecnetservrun.dita

Author: bpendleton
Date: Mon Mar 12 02:54:39 2018
New Revision: 1826488

URL: http://svn.apache.org/viewvc?rev=1826488&view=rev
Log:
Clarify the documentation around using a Java Security Manager
policy file for the Derby Network Server:

1) More strongly recommend the use of a Java Security Manager
for the Derby Network Server, as it may be accessed from remote
systems and therefore needs to be protected.

2) Incorporate the changed template policy file, in which the
ALL FILES directive is now commented out, and strong language
says that you should not simply comment it back in.

3) Improve the documentation of how to build your own security
policy file from the template policy file, to make it more
clear that you must think carefully about which directories
on your file system you should allow the Derby Network Server
to access.

Modified:
    db/derby/docs/branches/10.14/src/security/csecjavasecurity.dita
    db/derby/docs/branches/10.14/src/security/rsecnetservbasic.dita
    db/derby/docs/branches/10.14/src/security/tsecnetservrun.dita

Modified: db/derby/docs/branches/10.14/src/security/csecjavasecurity.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.14/src/security/csecjavasecurity.dita?rev=1826488&r1=1826487&r2=1826488&view=diff
==============================================================================
--- db/derby/docs/branches/10.14/src/security/csecjavasecurity.dita (original)
+++ db/derby/docs/branches/10.14/src/security/csecjavasecurity.dita Mon Mar 12 02:54:39 2018
@@ -74,7 +74,13 @@ information on <ph conref="../conrefs.di
 see "Controlling tracing by using the trace facility" in the
 <ph conref="../conrefs.dita#pub/citadmin"></ph>.</li>
 <li><b>Backups/imports/jars</b>: Look for the first instance of the string
-<codeph>&lt;&lt;ALL FILES>></codeph>. Make two more copies of this line so that
+<codeph>&lt;&lt;ALL FILES>></codeph>. Note that this line is just a comment,
+as it is not safe to use the <codeph>&lt;&lt;ALL FILES>></codeph> syntax in
+a production deployment of the
+<ph conref="../conrefs.dita#prod/productshortname"></ph>
+Network Server. In order to specify these file locations, you will need
+to uncomment this line and then proceed as follows.
+ Make two more copies of this line so that
 there are three copies of this line in the file. On the first line, replace
 <codeph>&lt;&lt;ALL FILES>></codeph> with the directory tree that you will use
 for holding database backups. For example:
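Review bot: the new sentence "you will need to uncomment this line and then proceed as follows" can be read as an instruction to uncomment the `<<ALL FILES>>` line as-is, which contradicts the sentence just before it saying that syntax is not safe in production; the procedure also has a gap in that it never says the original line must not survive unchanged. Suggest rewording to something like "uncomment this line, then replace its `<<ALL FILES>>` target as described below; no copy of the line should keep `<<ALL FILES>>` once you are done." Also, the added "+ Make two more copies of this line" line carries a stray leading space before "Make", which should be dropped for consistency with the surrounding text.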
@@ -99,8 +105,10 @@ classpath.</p>
 <codeph>java -jar derbyrun.jar</codeph>, the first relevant jar file in the
 classpath is <codeph>derby.jar</codeph>. The template policy file grants these
 permissions to <codeph>derbynet.jar</codeph>. Note that the template policy file
-grants <codeph>sysinfo</codeph> the privilege to read all files in the system.
-You can restrict this to just the directory that contains the jar files wired
+does not grant <codeph>sysinfo</codeph> the privilege to read any files
+in the system, as the permission line in the template is commented out.
+You can remove the comment markers, but you should restrict this permission
+to just the directory that contains the jar files wired
 into your classpath.</note></p></li>
 <li><b>Sockets</b>: The template policy file accepts connection requests from
 all hosts. You may want to restrict the template file's
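Review bot: the rewritten sysinfo note tells the reader to "restrict this permission to just the directory that contains the jar files", but the commented-out line in the template (see the rsecnetservbasic.dita change in this same commit) already targets `${derby.install.directory}${/}-` rather than `<<ALL FILES>>`, so the prose and the template describe different starting points. Suggest stating that the template's commented line is already scoped to the Derby install directory, that the reader only needs to remove the comment markers if the jars live there, and that it should be edited to another directory otherwise.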

Modified: db/derby/docs/branches/10.14/src/security/rsecnetservbasic.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.14/src/security/rsecnetservbasic.dita?rev=1826488&r1=1826487&r2=1826488&view=diff
==============================================================================
--- db/derby/docs/branches/10.14/src/security/rsecnetservbasic.dita (original)
+++ db/derby/docs/branches/10.14/src/security/rsecnetservbasic.dita Mon Mar 12 02:54:39 2018
@@ -72,10 +72,14 @@ grant codeBase "${derby.install.url}derb
   // This permission also lets you import/export data to and from
   // arbitrary locations in your file system.
   //
-  // You may want to restrict this access to specific directories.
+  // NOTE: this permission is commented out. You should NOT grant blanket
+  // permission to the entire filesystem! If you choose to use this
+  // permission to allow the server to access files outside of the
+  // server's home directory, you should name those specific directories
+  // in the permisson (that is, do NOT specify ALL FILES).
   //
-  permission java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;",
-      "read,write,delete";
+  // permission java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;",
+  //     "read,write,delete";
 
   // Permissions needed for JMX based management and monitoring.
   //
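Review bot: typo in the new comment text, "in the permisson" should read "in the permission". The comment's guidance is otherwise clear; it may be worth adding that each directory named in place of `<<ALL FILES>>` should be listed as its own `permission java.io.FilePermission` line, so a reader does not try to put several paths into a single target string.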
@@ -161,10 +165,11 @@ grant codeBase "${derby.install.url}derb
   //
   //permission java.net.SocketPermission "*", "connect,resolve";
 
-  // Needed by sysinfo. The file permission is needed to
-  // check the existence of jars on the classpath. You can
-  // limit this permission to just the locations which hold
-  // your jar files.
+  // Needed by sysinfo. A file permission is needed to check the existence of
+  // jars on the classpath. Note that this permission is commented out! 
+  // You should limit this permission to just the locations which hold
+  // your jar files; do NOT grant blanket permission to read the entire
+  // filesystem.
   //
   // In this template file, this block of permissions is granted
   // to derbynet.jar under the assumption that derbynet.jar is
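Review bot: the line "// jars on the classpath. Note that this permission is commented out! " has trailing whitespace after the exclamation mark, which should be trimmed. More substantively, the comment says the file permission is needed by sysinfo to check jar existence and that it is commented out, but it does not say what the reader will observe when it stays commented (sysinfo runs, but cannot report on the jars' presence); stating that consequence next to the instruction to limit the permission would save a support question.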
@@ -186,7 +191,8 @@ grant codeBase "${derby.install.url}derb
   permission java.util.PropertyPermission "java.runtime.version", "read";
   permission java.util.PropertyPermission "java.fullversion", "read";
   permission java.lang.RuntimePermission "getProtectionDomain";
-  permission java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read";
+  // permission java.io.FilePermission "${derby.install.directory}${/}-",
+  //     "read";
 };</codeblock>
 </section>
 </refbody>
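Review bot: the replacement target `${derby.install.directory}${/}-` introduces a property, `derby.install.directory`, that does not appear elsewhere in the visible template (the grant headers only use `derby.install.url`), and the comment does not say where it is defined; since the Java policy parser ignores an entry whose property expansion fails, a reader who uncomments this line without setting that system property will get no permission and no obvious error. Suggest a comment line noting that `derby.install.directory` must be set to the directory holding the Derby jars, and that the trailing `-` means the directory and everything below it recursively (use `*` instead to cover only the files directly in that directory).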

Modified: db/derby/docs/branches/10.14/src/security/tsecnetservrun.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.14/src/security/tsecnetservrun.dita?rev=1826488&r1=1826487&r2=1826488&view=diff
==============================================================================
--- db/derby/docs/branches/10.14/src/security/tsecnetservrun.dita (original)
+++ db/derby/docs/branches/10.14/src/security/tsecnetservrun.dita Mon Mar 12 02:54:39 2018
@@ -29,10 +29,17 @@ enforces a Basic policy.</shortdesc>
 </keywords></metadata></prolog>
 <taskbody>
 <context>
-<p>You are encouraged to customize this policy to fit the security needs of your
+<p>You are strongly encouraged to customize this policy to fit the security needs of your
 application and its runtime environment.</p>
 <p>You may also run the Network Server without a security manager, although this
-is not recommended.</p>
+is not recommended.
+Without a security manager in place, the Network Server should not
+be deployed in such a manner as to allow for connections from untrusted
+networks.
+A firewall or other security tool should be used in such a scenario.</p>
+<p>A firewall or other security tool is also good practice
+in addition to running the Network Server with a carefully-written
+security policy file.</p>
 <p>The default policy is used if you boot the Network Server as your VM's entry
 point, using a command like the following:</p>
 <codeblock><b>java org.apache.derby.drda.NetworkServerControl start ...</b></codeblock>
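Review bot: style points in the added context text. "carefully-written security policy file" should be "carefully written" (an adverb ending in -ly is not hyphenated to the adjective it modifies). The sentence "should not be deployed in such a manner as to allow for connections from untrusted networks" is wordy; "should not accept connections from untrusted networks" says the same thing. The two consecutive paragraphs both open with "A firewall or other security tool", so the second could be folded into the first as "A firewall or other security tool is good practice in either case, with or without a security policy file."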