You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <de...@db.apache.org> on 2005/09/09 18:45:30 UTC
[jira] Commented: (DERBY-474) Improve Network Server security documentation
[ http://issues.apache.org/jira/browse/DERBY-474?page=comments#action_12323057 ]
Kathey Marsden commented on DERBY-474:
--------------------------------------
Documentation should also be updated to have an appropriate warning about using the bootPassword attribute from a client. .
Currently with Network Client embeded attributes are sent as clear text to the server even when encrypted user id and password are specified as the security mechanism.
> Improve Network Server security documentation
> ----------------------------------------------
>
> Key: DERBY-474
> URL: http://issues.apache.org/jira/browse/DERBY-474
> Project: Derby
> Type: Improvement
> Components: Documentation
> Versions: 10.2.0.0
> Reporter: Kathey Marsden
>
> The network server security documentation should document security manager permissions needed separate from the example policy file.
> The example policy file should separate permissions by jar file.
> There should not be examples of starting network server with the -h 0.0.0.0 option without using security manager.
> Risks of running outside of security manager and without user authentication should be documented.
> Discussion should be included about client encrypted user id password and associated limitations.
> The section should mention that there is no data stream encryption with network server.
> http://incubator.apache.org/derby/docs/adminguide/tadminnetservrun.html
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira