Posted to derby-commits@db.apache.org by sc...@apache.org on 2007/07/02 23:38:23 UTC

svn commit: r552599 - in /db/derby/docs/branches/10.3/src: adminguide/tadminnetservbasic.dita adminguide/tadminnetservcustom.dita devguide/cdevbabejgjd.dita devguide/rdevcsecure871406.dita devguide/rdevcsecure871422.dita devguide/rdevcsecure871439.dita

Author: scotsmatrix
Date: Mon Jul  2 14:38:22 2007
New Revision: 552599

URL: http://svn.apache.org/viewvc?view=rev&rev=552599
Log:
DERBY_2737: Added permissions for read/write. Patch contributed by me.

Modified:
    db/derby/docs/branches/10.3/src/adminguide/tadminnetservbasic.dita
    db/derby/docs/branches/10.3/src/adminguide/tadminnetservcustom.dita
    db/derby/docs/branches/10.3/src/devguide/cdevbabejgjd.dita
    db/derby/docs/branches/10.3/src/devguide/rdevcsecure871406.dita
    db/derby/docs/branches/10.3/src/devguide/rdevcsecure871422.dita
    db/derby/docs/branches/10.3/src/devguide/rdevcsecure871439.dita

Modified: db/derby/docs/branches/10.3/src/adminguide/tadminnetservbasic.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/tadminnetservbasic.dita?view=diff&rev=552599&r1=552598&r2=552599
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/tadminnetservbasic.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/tadminnetservbasic.dita Mon Jul  2 14:38:22 2007
@@ -25,64 +25,32 @@
 </keywords>
 </metadata></prolog>
 <taskbody>
-<context>
-<p>
-If you boot the Network Server without specifying a security manager,
-the Network Server will install a default Java security manager
-enforcing a Basic policy. This happens if you boot the Network Server
-as your VM's entry point, e.g.:
-</p>
-
-<codeblock>
+<context> <p> If you boot the Network Server without specifying a security
+manager, the Network Server will install a default Java security manager enforcing
+a Basic policy. This happens if you boot the Network Server as your VM's entry
+point, e.g.: </p>  <codeblock>
 java org.apache.derby.drda.NetworkServerControl start ...
-</codeblock>
-
-<p>
-Note that you should run your Network Server
-with user authentication enabled. For details on how to enable user authentication,
-please see the section titled "Working with user authentication" in the Derby
-Developer's Guide.
-</p>
-
-<p>
-Some of your application code may run as procedures and functions
-which you have declared using the CREATE PROCEDURE and CREATE FUNCTION
-statements. You will need to add privileged blocks to your declared procedures
-and functions if they perform sensitive operations such as file and
-network i/o,
-classloading, system property reading, etc..
-</p>
-
-<p>
-If for some reason you do not want to run your client/server
-application under a security manager, you may override the Network
-Server's impulse to install a default policy. For details on how to do
-this, please see
-<xref href="tadminnetservopen.dita"></xref>.
-</p>
-
-<p>
-Note that the Network Server attempts to install a security manager
-only if you boot the server as the entry point of your VM. The Network
-Server will not attempt to install a security manager if you start the
-server from your application using the programmatic API
-described in the following section:
-<xref href="tadminconfig814963.dita"></xref>.
-</p>
-
-<p>
-You will find a Template security policy in the Derby
-distribution at
-<i>demo/templates/server.policy</i>. Most likely, you will want to
-customize this policy. For example, probably you will want to restrict
-the server's liberal file i/o permissions which let the server
-backup/restore to/from any location in the local file system. For
-details on how to customize the Template policy, please see
-<xref href="tadminnetservcustom.dita"></xref>.
-A copy of the Basic policy follows:
-</p>
-
-<codeblock>
+</codeblock>  <p> Note that you should run your Network Server with user authentication
+enabled. For details on how to enable user authentication, please see "Working
+with user authentication" in the <ph conref="../conrefs.dita#pub/citdevelop"></ph>. </p>  <p> Some
+of your application code may run as procedures and functions which you have
+declared using the CREATE PROCEDURE and CREATE FUNCTION statements. You will
+need to add privileged blocks to your declared procedures and functions if
+they perform sensitive operations such as file and network i/o, classloading,
+system property reading, etc.</p>  <p> If for some reason you do not want
+to run your client/server application under a security manager, you may override
+the Network Server's impulse to install a default policy. For details, see <xref
+href="tadminnetservopen.dita"></xref>. </p>  <p> Note that the Network Server
+attempts to install a security manager only if you boot the server as the
+entry point of your VM. The Network Server will not attempt to install a security
+manager if you start the server from your application using the programmatic
+API described in the following section: <xref href="tadminconfig814963.dita"></xref>. </p>  <p> You
+will find a template security policy in the Derby distribution at <i>demo/templates/server.policy</i>.
+Most likely, you will want to customize this policy. For example, probably
+you will want to restrict the server's liberal file i/o permissions which
+let the server backup/restore to/from any location in the local file system.
+For details on how to customize the Template policy, please see <xref href="tadminnetservcustom.dita"></xref>.
+The following example is a copy of the Basic policy: </p>  <codeblock>
 grant codeBase "${derby.install.url}derby.jar"
 {
 //
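Review bot: "template security policy" in the reflowed paragraph (`will find a template security policy in the Derby distribution`) and "Template policy" two sentences later are capitalized inconsistently; pick one form. Separately, reflowing every paragraph of the context in the same hunk as the substantive change buries the one line that matters; a whitespace-only reflow is easier to review as its own commit.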
@@ -91,7 +59,10 @@
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.io.FilePermission "${derby.system.home}","read";
-  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}-", 
+     "read,write,delete";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+     "write"; 
 
 //
 // This permission lets you backup and restore databases
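Review bot: the new `permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";` entry carries no `//` comment, while the surrounding permissions in this Basic policy each have one saying what they allow (for example `// This permission lets you backup and restore databases`). Add a one-line comment stating that the property is used to guard against the database being booted by two class loaders, as the devguide change in this same commit explains. Both added lines also end in trailing whitespace.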
@@ -112,7 +83,6 @@
 //
   permission java.net.SocketPermission "${derby.security.host}:*", "accept"; 
 };
-</codeblock>
-</context>
+</codeblock> </context>
 </taskbody>
 </task>

Modified: db/derby/docs/branches/10.3/src/adminguide/tadminnetservcustom.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/adminguide/tadminnetservcustom.dita?view=diff&rev=552599&r1=552598&r2=552599
==============================================================================
--- db/derby/docs/branches/10.3/src/adminguide/tadminnetservcustom.dita (original)
+++ db/derby/docs/branches/10.3/src/adminguide/tadminnetservcustom.dita Mon Jul  2 14:38:22 2007
@@ -25,45 +25,31 @@
 </keywords>
 </metadata></prolog>
 <taskbody>
-<context>
-<p>
-The Network Server's Basic security policy is documented in a previous
-section of this manual:
-<xref href="tadminnetservbasic.dita"></xref>.
-Most likely, you will want to
-customize your own security policy. For example, probably you will want to restrict
-the server's liberal file i/o permissions which let the server
-backup/restore to/from any location in the local file system.
-Customizing the security policy is simple:
-</p>
-
-<ul>
-<li>A Template policy lives in the Derby distribution at
-<i>demo/templates/server.policy</i>. Copy it from this location to
-your own file, say <i>myCustomized.policy</i>. All of the following
-edits take place in your custom file.</li>
-<li>Replace the <i>${derby.install.url}</i> variable with the location
-of the Derby jars in your local file system.</li>
-<li>Replace the <i>${derby.system.home}</i> variable with the location
-of your Derby system directory. Alternatively, rather than replacing
-this variable, you can simply set the value of the
-<i>derby.system.home</i> system property when you boot the server.</li>
-<li>Replace the <i>${derby.security.host}</i> variable with the address of the 
-network interface on which the server is listening. Note that the
-special wildcard address "0.0.0.0" is not understood by
-SocketPermission, even though Derby accepts this wildcard as a valid
-value for the -h option of the Network Server startup command. If you
-must grant blanket permission to this wildcard address, specify
-"*" in the policy file, instead.</li>
-<li>Refine the file permissions needed by backup/restore,
-import/export, and the loading of application jars.</li>
-</ul>
-
-<p>
-A sample, customized policy file follows:
-</p>
-
-<codeblock>
+<context> <p> The Network Server's Basic security policy is documented in
+the secion <xref href="tadminnetservbasic.dita"></xref>. Most likely, you
+will want to customize your own security policy. For example, you might want
+to restrict the server's liberal file i/o permissions which let the server
+backup to and restore from any location in the local file system. Customizing
+the security policy is simple: </p>  <ul>
+<li>A template policy lives in the Derby distribution at <i>demo/templates/server.policy</i>.
+Copy the from this location to your own file, say <i>myCustomized.policy</i>.
+All of the following edits take place in your custom file.</li>
+<li>Replace the <i>${derby.install.url}</i> variable with the location of
+the Derby jars in your local file system.</li>
+<li>Replace the <i>${derby.system.home}</i> variable with the location of
+your Derby system directory. Alternatively, rather than replacing this variable,
+you can simply set the value of the <i>derby.system.home</i> system property
+when you boot the server.</li>
+<li>Replace the <i>${derby.security.host}</i> variable with the address of
+the  network interface on which the server is listening. Note that the special
+wildcard address "0.0.0.0" is not understood by SocketPermission, even though
+Derby accepts this wildcard as a valid value for the -h option of the Network
+Server startup command. If you must grant blanket permission to this wildcard
+address, specify "*" in the policy file.</li>
+<li>Refine the file permissions needed by backup/restore, import/export, and
+the loading of application jars.</li>
+</ul>  <p>The following example is a copy of a sample, customized policy file: </p> 
+ <codeblock>
 grant codeBase "file:/usr/local/share/sw/derby/lib/derby.jar"
 {
 //
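Review bot: two typos in the reflowed context: `the secion <xref href="tadminnetservbasic.dita">` should read `the section`, and `Copy the from this location to your own file` is missing its object (`Copy it from this location`). There is also a doubled space in `the  network interface`.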
@@ -72,7 +58,10 @@
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.io.FilePermission "/usr/local/shoppingCartApp/databases","read";
-  permission java.io.FilePermission "/usr/local/shoppingCartApp/databases/-", "read,write,delete";
+  permission java.io.FilePermission "/usr/local/shoppingCartApp/databases/-", 
+      "read,write,delete";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+      "write"; 
 
 //
 // This permission lets a DBA reload the policy file while the server
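Review bot: the added `derby.storage.jvmInstanceId` write permission lacks the `//` explanatory comment that the other permissions in this sample policy carry (compare `// This permission lets a DBA reload the policy file` immediately below); add one so a reader customizing the file knows why the entry must stay. Both added lines end in trailing whitespace; strip it.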
@@ -110,17 +99,9 @@
 //
   permission java.net.SocketPermission "buyCoolStuff.acme.com:*", "accept"; 
 };
-</codeblock>
-
-<p>
-After customizing the Basic policy, you may bring up the Network
-Server as follows:
-</p>
-
-<codeblock>
+</codeblock>  <p> After customizing the Basic policy, you may bring up the
+Network Server as follows: </p>  <codeblock>
 java -Djava.security.manager -Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy org.apache.derby.drda.NetworkServerControl start -h localhost
-</codeblock>
-
-</context>
+</codeblock>  </context>
 </taskbody>
 </task>

Modified: db/derby/docs/branches/10.3/src/devguide/cdevbabejgjd.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/cdevbabejgjd.dita?view=diff&rev=552599&r1=552598&r2=552599
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/cdevbabejgjd.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/cdevbabejgjd.dita Mon Jul  2 14:38:22 2007
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
+
 <!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN"
  "../dtd/concept.dtd">
 <!-- 
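Review bot: the only change in this hunk is a blank line inserted between the XML declaration and the DOCTYPE; it is harmless but unrelated to the permission change, so drop it to keep the diff focused.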
@@ -26,20 +27,30 @@
 </keywords>
 </metadata></prolog>
 <conbody>
-<p>See Default Policy Implementation and Policy File Syntax at
-<xref format="html" href="http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html" scope="external">http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html</xref>
-for more information about creating policy files.</p>
+<p>See Default Policy Implementation and Policy File Syntax at <xref format="html"
+href="http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html"
+scope="external">http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html</xref> for
+more information about creating policy files.</p>
 <section><title>Mandatory permissions</title><dl><dlentry>
 <dt>permission java.lang.RuntimePermission createClassLoader</dt>
 <dd>Mandatory. It allows <ph conref="../conrefs.dita#prod/productshortname"></ph> to
 execute SQL queries and supports loading class files from jar files stored
 in the database.</dd>
 </dlentry><dlentry>
-<dt>permission java.util.PropertyPermission "derby.*", read</dt>
+<dt>permission java.util.PropertyPermission "derby.*", "read"</dt>
 <dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> to read
 individual <ph conref="../conrefs.dita#prod/productshortname"></ph> properties
 set in the JVM's system set. If the action is denied, properties in the JVM's
 system set are ignored.</dd>
+</dlentry><dlentry>
+<dt>permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
+"write"</dt>
+<dd>This property is used by Derby to prevent the accidental boot of the database
+by two class loaders. If the database is booted by two class loaders, database
+corruption can occur. This permission requirement is new in <ph conref="../conrefs.dita#vers/fullversionnumber"></ph>.
+If write permission for this property is not granted, a message is printed
+to the log file which indicates that the <ph conref="../conrefs.dita#prod/productshortname"></ph> database
+is not protected from dual boot and possible corruption.</dd>
 </dlentry></dl></section>
 <section><title>Database access permissions</title><dl><dlentry>
 <dt>permission java.io.FilePermission "directory${/}/-", "read,write,delete"</dt>
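Review bot: the new dlentry sits under the "Mandatory permissions" section, but its own `<dd>` text says that when write permission is not granted only a message is printed to the log; either state explicitly that the engine still boots without it and the protection is what is lost, or move the entry out of the mandatory section. Also, the `<dd>` writes `Derby` literally (`This property is used by Derby to prevent`) where the rest of this file uses `<ph conref="../conrefs.dita#prod/productshortname"></ph>`; use the conref for consistency.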
@@ -62,34 +73,27 @@
 "read"</dt>
 <dd>Allows <ph conref="../conrefs.dita#prod/productshortname"></ph> to read
 the system properties file from the system directory.</dd>
-</dlentry>
-<dlentry>
+</dlentry><dlentry>
 <dt>permission java.io.FilePermission "${derby.system.home}${/}derby.log",
 "read,write,delete"</dt>
-<dt>permission java.io.FilePermission "${user.dir}${/}derby.log", "read,write,delete"</dt>
+<dt>permission java.io.FilePermission "${user.dir}${/}derby.log", "read,write,delete";</dt>
 <dd>Only one of these permissions is needed. Permits the application to read,
 write, and delete to the <ph conref="../conrefs.dita#prod/productshortname"></ph> log
 file, unless the log has been re-directed. (See the <i>derby.stream.error </i>properties
 in <cite><ph conref="../conrefs.dita#pub/cittuning"></ph></cite> for more
 information.) If one of the requested valid actions is denied, the <ph conref="../conrefs.dita#prod/productshortname"></ph> log
 will be <codeph><i>java.lang.System.err</i></codeph>.</dd>
-</dlentry>
-<dlentry>
+</dlentry><dlentry>
 <dt>permission java.security.SecurityPermission "getPolicy"</dt>
-<dd>You need this permission if you want to change the security policy on the
-fly and reload it into a running system. Given this permission, a DBA
-can reload the policy file by calling the
-<codeph>SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY</codeph>
-system procedure. For more information, see the
-section which describes this procedure in
-<cite><ph conref="../conrefs.dita#pub/citref"></ph></cite>.
-</dd>
-</dlentry>
-</dl>
-</section>
+<dd>You need this permission if you want to change the security policy on
+the fly and reload it into a running system. Given this permission, a DBA
+can reload the policy file by calling the <codeph>SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY</codeph> system
+procedure. For more information, see the section which describes this procedure
+in <cite><ph conref="../conrefs.dita#pub/citref"></ph></cite>. </dd>
+</dlentry></dl> </section>
 <section><title>Combining permissions</title><p>You might grant one <i>FilePermission</i> that
 encompasses several or all of the permissions instead of separately granting
-a number of the more specific permissions. For example:<codeblock>permission java.io.FilePermission "${derby.system.home}/-", "read,write,delete"</codeblock
+a number of the more specific permissions. For example:<codeblock>permission java.io.FilePermission "${derby.system.home}/-", "read,write,delete";</codeblock
 >This allows the <ph conref="../conrefs.dita#prod/productshortname"></ph> engine
 complete access to the system directory and any databases contained in the
 system directory.</p></section>
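Review bot: the trailing semicolon added to `<dt>permission java.io.FilePermission "${user.dir}${/}derby.log", "read,write,delete";</dt>` makes it the only `<dt>` in the file that ends in `;`; the `${derby.system.home}${/}derby.log` entry directly above it, in the same dlentry, does not get one. Either add the semicolon to every `<dt>` or to none. The semicolon added inside the `<codeblock>` in the Combining permissions section is fine, since that block is a policy-file fragment.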

Modified: db/derby/docs/branches/10.3/src/devguide/rdevcsecure871406.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/rdevcsecure871406.dita?view=diff&rev=552599&r1=552598&r2=552599
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/rdevcsecure871406.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/rdevcsecure871406.dita Mon Jul  2 14:38:22 2007
@@ -35,7 +35,9 @@
   permission java.util.PropertyPermission "derby.*", "read";
   permission.java.io.FilePermission "${derby.system.home}","read";
   permission java.io.FilePermission "${derby.system.home}${/}
--", "read,write,delete";
+     -", "read,write,delete";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+     "write"; 
 };</codeblock></example>
 </refbody>
 </reference>
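Review bot: the re-indented continuation line puts five spaces inside the quoted path, so `"${derby.system.home}${/}` followed by `     -"` now shows a target string that contains a line break and leading blanks; a reader who copies this example into a policy file gets a path that is not `${derby.system.home}${/}-`. Keep the whole FilePermission target on one line and break only before `"read,write,delete"`. Also visible in the unchanged context: `permission.java.io.FilePermission` has a period where a space belongs.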

Modified: db/derby/docs/branches/10.3/src/devguide/rdevcsecure871422.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/rdevcsecure871422.dita?view=diff&rev=552599&r1=552598&r2=552599
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/rdevcsecure871422.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/rdevcsecure871422.dita Mon Jul  2 14:38:22 2007
@@ -33,7 +33,9 @@
   permission java.util.PropertyPermission "user.dir", "read";
   permission java.io.FilePermission "${derby.system.home}","read";
   permission java.io.FilePermission "${user.dir}${/}-",
- "read,write,delete";
+      "read,write,delete";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+      "write"; 
 
 };</codeblock></example>
 </refbody>
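Review bot: both added lines end in trailing whitespace (`"derby.storage.jvmInstanceId", ` and `"write"; `); strip it. The line break here is placed after the comma, between tokens, which is the right way to wrap a long permission entry.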

Modified: db/derby/docs/branches/10.3/src/devguide/rdevcsecure871439.dita
URL: http://svn.apache.org/viewvc/db/derby/docs/branches/10.3/src/devguide/rdevcsecure871439.dita?view=diff&rev=552599&r1=552598&r2=552599
==============================================================================
--- db/derby/docs/branches/10.3/src/devguide/rdevcsecure871439.dita (original)
+++ db/derby/docs/branches/10.3/src/devguide/rdevcsecure871439.dita Mon Jul  2 14:38:22 2007
@@ -33,10 +33,11 @@
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.io.FilePermission "${derby.system.home}","read";
   permission java.io.FilePermission "${derby.system.home}${/}*", 
-"read,write,delete";
+      "read,write,delete";
   permission java.io.FilePermission "${derby.system.home}${/}
-salesdb${/}
--", "read,write,delete";
+      salesdb${/}-", "read,write,delete";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+      "write"; 
 
 
 }; </codeblock></example>
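Review bot: `"${derby.system.home}${/}` followed by `      salesdb${/}-"` splits the target path across a line with six spaces of indentation inside the quotes, so the example literally shows a path with a line break and blanks before `salesdb`. Join it onto one line as `"${derby.system.home}${/}salesdb${/}-", "read,write,delete";` and wrap only between tokens. The two added `jvmInstanceId` lines also end in trailing whitespace.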