You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2008/02/25 20:08:54 UTC
[jira] Created: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
---------------------------------------------------------------------------------------------------------------------------------------------------------
Key: DERBY-3462
URL: https://issues.apache.org/jira/browse/DERBY-3462
Project: Derby
Issue Type: Sub-task
Components: JMX, Security
Reporter: Daniel John Debrunner
Priority: Minor
Plan is to implement proposal defined in:
http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
E.g.
jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578800#action_12578800 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
> If JMX authentication is enabled, and the custom policy file includes permissions for a specific user to perform a set of JMX actions, then are the above mentioned permissions still needed for derby.jar,
It's standard Java permission use, which I didn't think I wanted to explain in a comment in an internal policy file :-)
The permission needs to be granted to protection domains on the stack including derby.jar, since that is the code executing the permission check.
When Java Subject based authentication is used then the permission must be granted to those subjects as well.
So at one level it's hard to answer the question because I don't know what permissions are granted in the custom policy file.
E.g. this in the policy file (guide only not exact syntax)
grant principal JMXPrincipal "DAN" {
permission SystemPermission "jmx", "control";
}
grants jmx control permission for the DAN for all code bases, thus no additional grant would be required.
The following would not be sufficient as the code calling into Derby (the system jmx code in some cases) does not have the required permission.
Even though it is system code the permission needs to be granted to the code and the Subject in each domain, and the Subject (containing JMXPrincipal DAN) is not granted permissions outside of the protection domain including derby.jar
grant codebase "file...derby.jar" principal JMXPrincipal "DAN" {
permission SystemPermission "jmx", "control"
}
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578808#action_12578808 ]
John H. Embretsen commented on DERBY-3462:
------------------------------------------
Thanks, that was just about the kind of details I was looking for :)
I will try to refresh my Java security know-how soon - I think it is needed...
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578746#action_12578746 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
> Does this mean that these permissions serve no purpose if JMX authentication is enabled?
The basic policy file is just that, a basic policy. If the JMX authentication is being used then the application needs to use a specific policy file that grants permissions to specific users as required, it's simply out of scope for the basic policy.
> If both permissions ("control" and "monitor") are included for the network server in the default policy file, why don't we leave distinguishing between sensitive actions and non-sensitive actions to the admin? Admins may have different views of which actions are security sensitive and which are not...
I don't understand what you are proposing here. The code has to be the place that indicates what permissions are required, that can't be set by an application. An application can only decide what permissions are granted.
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578867#action_12578867 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
I'm planning to merge the security related changes to the 10.4 branch so that 10.4 is not released with security issues related to JMX and to avoids future backwards compatibility issues.
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12584595#action_12584595 ]
John H. Embretsen commented on DERBY-3462:
------------------------------------------
I'd like to mark DERBY-1387 (this issue's parent) as resolved for the 10.4 release. Code related to this issue has gone into both trunk and 10.4, but I don't know if there are plans to do more. Should this issue be converted to a standalone issue, or could it be considered resolved/fixed?
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578772#action_12578772 ]
John H. Embretsen commented on DERBY-3462:
------------------------------------------
Let me rephrase the first question, I hope this is more clear:
If JMX authentication is enabled, and the custom policy file includes permissions for a specific user to perform a set of JMX actions, then are the above mentioned permissions still needed for derby.jar, or are they not?
I guess I could find out by experimenting and reading code, but I thought I might just as well ask.
The last part I guess was part of an attempt to understand the relationship between the new system permissions and MBeanPermission. Again, I think experimenting and studying code would help me do this, but some more examples on the wiki or in the javadocs probably woldn't hurt either.
By the way, if you have any thoughts on what kind of documentation (DITA) should/could be included in 10.4 for the JMX work, please add a comment to DERBY-3540. I guess doc efforts would depend on whether or not this security work is going to be part of 10.4, and when it will stabilize.
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572280#action_12572280 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
Added a comment to DERBY-2109 about changing the permission names & actions so that names represent objects and actions actions, which is the intention of the Permission class. A name like jmxControl represents an action (control) and a name (jmx).
https://issues.apache.org/jira/browse/DERBY-2109?focusedCommentId=12572278#action_12572278
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John H. Embretsen reassigned DERBY-3462:
----------------------------------------
Assignee: Daniel John Debrunner
Assigned this issue to Dan since he has been actively working on this.
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578822#action_12578822 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
> an attempt to understand the relationship between the new system permissions and MBeanPermission
There is no relationship, they are independent permissions.
It's a multi-step process for a jmx client using an MBean.
1) Get a handle to an MBean. This requires MBeanPermission in various forms, depending on how the MBean is obtained. This is standard JMX, the permissions are described in the javadoc for MBeanServerConnection.
2) Get/set an attribute or invoke an operation - This requires MBeanPermission in various different forms from step 1, e.g. the "Invoke" action on the target-name.
Note MBeanPermission allows fine grained control, the target-name is the {classname,field,ObjectName} for the MBean and supports patterns. Thus I can give a user the ability to only invoke a specific operation on a single DerbyMBean, or just get attributes on all Derby Mbeans, or only find VersionMBeans and perform gets on those, or access all Derby's Mbeans etc.
3) Get a Derby attribute or invoke an operation - This requires the Derby permission specific to that capability, at the moment it's one form of SystemPermission. With future capabilities it might require a database level GRANT/REVOKE permission.
Note that this mimics what the jmx does with its platform MBeans
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578702#action_12578702 ]
John H. Embretsen commented on DERBY-3462:
------------------------------------------
I must admit it is not easy to follow all the commits going on in this area (system permissions and JMX). I hope others are able to look at these changes as well, eventually.
In the default server policy, the following is granted to derby.jar:
// Gives permission for jmx to be used against Derby but
// only if JMX authentication is not being used.
// In that case the application would need to create
// a whole set of fine-grained permissions to allow specific
// users access to MBeans and actions they perform.
permission org.apache.derby.security.SystemPermission "jmx", "control";
permission org.apache.derby.security.SystemPermission "engine", "monitor";
permission org.apache.derby.security.SystemPermission "server", "monitor";
Does this mean that these permissions serve no purpose if JMX authentication is enabled? Or are these permissions needed in addition to any user-specific fine-grained permissions in that case?
I have not studied the code in detail yet, but I'm trying to understand the comments independently from that...
Regarding permission usage, I don't think I fully understand the reasoning behind it, but I guess that is to be expected given the following sentence from the wiki:
"Exact use for these various permissions may become clear as attributes and operations are added to MBeans (and new MBeans added)."
For others trying to understand this, here are some notes (ramblings) I've made that may of interest:
Control is defined as "Permission to perform control actions through JMX on engine, server or jmx".
Monitor is defined as "Permission to perform monitoring actions through JMX on engine and server".
Reading the following NetworkServerMBean attributes require the ("server", "control") permission:
DrdaHost
DrdaPortNumber
DrdaSecurityMechanism
DrdaSSLMode
DrdaTraceDirectory
The rest of the actions require the "monitor" permission. Both permissions are granted to the network server in the default policy.
I do understand that "control" is used for attributes that are deemed more security sensitive than others. Intuitively, though, I would say that *all* the current NetworkServerMBean actions are monitoring actions, not control actions, but I guess I'll get over it...
I guess "control" seems more like a description of a role than a specific action at this point.
If both permissions ("control" and "monitor") are included for the network server in the default policy file, why don't we leave distinguishing between sensitive actions and non-sensitive actions to the admin? Admins may have different views of which actions are security sensitive and which are not... I guess if JMX authentication is enabled this (fine-grained permission grants) is still possible...
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John H. Embretsen updated DERBY-3462:
-------------------------------------
Affects Version/s: 10.4.0.0
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Affects Versions: 10.4.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.4.1.0, 10.5.0.0
>
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12578811#action_12578811 ]
Daniel John Debrunner commented on DERBY-3462:
----------------------------------------------
At a higher level with the basic server policy (the one installed automatically when the server is run through NetworkServerControl.main) we have a number of choices, all controlled through permissions we grant in the basic policy. Here's the list of the choices with the current answer for trunk:
Do we allow the basic policy to ...
A) Register JMX Mbeans - YES
B) Allow Derby monitoring capabilities - YES
C) Allow Derby control capabilities - YES
D) Allow local (via process id) jmx - YES
E) Allow remote jmx - YES
F) Allow authenticated jmx - NO
G) Allow JVM monitoring - not sure - nothing is done to enable or disable it by derby.
H) Allow JVM control - not sure - nothing is done to enable or disable it by derby.
My decisions here are based off a discussion we had when you (John) added the permissions to register MBeans to the basic policy, I asked something along the lines of what scenarios were you trying to support.
I think this ends up with a useful set of jmx functionality when using local jmx (process id based) monitoring (D=YES). Since this can only be performed by the same OS user that started the server having the full JMX control (C=YES) does not introduce any security concerns.
E=YES may pose concerns, as with F=NO, it's only unauthenticated JMX that is supported. The trouble is that we cannot tell the difference (from the Derby code point of view) between local jmx and remote jmx no authentication. Thus if D=YES then E=YES. However it is a conscious decision for an application to start remote un-authenticated JMX monitoring. If they make that choice, it's their problem.
F=NO is because the only way it would work would be to grant all permissions to all JMXPrincipals, which seems way too open to me. The only control an application could have is through JMX authorization, which would limit JMX users to be read-write (get & set attributes, invoke operations) or read-only (get attributes only).
G,H - I only just thought about :-)
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (DERBY-3462) Require new permissions in
o.a.d.security.SystemPermission to allow control to Derby's JMX management
and to ensure information is not leaked through JMX
Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John H. Embretsen resolved DERBY-3462.
--------------------------------------
Resolution: Fixed
Fix Version/s: 10.5.0.0
10.4.1.0
My understanding is that the suggested changes have been committed to both trunk and the 10.4 branch, with the following revision numbers:
Trunk: 635723, 636493, 636878
10.4 (merges): 637237, 637294
Marking this issue as Resolved/Fixed.
> Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3462
> URL: https://issues.apache.org/jira/browse/DERBY-3462
> Project: Derby
> Issue Type: Sub-task
> Components: JMX, Security
> Affects Versions: 10.4.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.4.1.0, 10.5.0.0
>
>
> Plan is to implement proposal defined in:
> http://wiki.apache.org/db-derby/JMXSecurityExpectations#head-de15a7e9d474784775933965fe963b6ac46e7ad0
> E.g.
> jmxControl for the ability to call the operations on ManagementMBean.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.