Posted to derby-dev@db.apache.org by "Kim Haase (JIRA)" <ji...@apache.org> on 2014/02/27 22:19:20 UTC

[jira] [Comment Edited] (DERBY-6217) Put all of the security documentation in a single, separate user guide

    [ https://issues.apache.org/jira/browse/DERBY-6217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13915058#comment-13915058 ] 

Kim Haase edited comment on DERBY-6217 at 2/27/14 9:18 PM:
-----------------------------------------------------------

Here is a proposed high-level documentation plan for this guide. I welcome comments.

The Security Guide will provide introductory material from a revised (but as yet unpublished) version of Rick Hillegas's "Java DB Security" white paper, the previous version of which is reachable from http://db.apache.org/derby/blogs/index.html.

Much of the substance will consist of rearranged and slightly rewritten versions of the Developer's Guide section "Configuring Security for Derby". 

In addition, several topics from the Admin Guide will be moved to this manual: the "User authentication differences" section and the first five sections under "Derby Network Server advanced topics". 

The introductory section based on the white paper will include these topics:

Why databases need security
 - Vulnerabilities of unsecured databases
 - Threats to unsecured databases

Defenses against security threats
 - Derby defenses against threats
 - Defenses outside of Derby

Defenses mapped to threats
Designing safer Derby applications

The rearrangement of the Developer's Guide and Admin Guide material will follow the ordering of the appendixes in the white paper, which proceeds from simple to complex. It will incorporate material from the white paper and from the guides as appropriate:

Configuring database encryption
Configuring SSL/TLS
Configuring LDAP authentication
Configuring NATIVE authentication
Configuring coarse-grained authentication
Configuring fine-grained authentication
Configuring Java security
Restricting file permissions
Putting it all together
Security terminology


> Put all of the security documentation in a single, separate user guide
> ----------------------------------------------------------------------
>
>                 Key: DERBY-6217
>                 URL: https://issues.apache.org/jira/browse/DERBY-6217
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>
> Right now the security documentation is divided among our user guides. This makes it hard for customers to understand Derby's defenses and how to configure all relevant security mechanisms for an application. As demonstrated by the discussion on DERBY-6160, some security mechanisms involve multiple Derby jar files and multiple application tiers. Material for these mechanisms is scattered across the existing user guides. It would be less confusing if all of Derby's security documentation were separated out into a new Security Guide.


