You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2007/11/06 18:15:51 UTC
[jira] Issue Comment Edited: (DERBY-3086) The server policy needs
to grant derbynet.jar more permissions so that sysinfo and drda tracing
will work
[ https://issues.apache.org/jira/browse/DERBY-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540488 ]
kmarsden edited comment on DERBY-3086 at 11/6/07 9:15 AM:
----------------------------------------------------------------
Rick said:
>Could you explain the incompatibility which you see is >being introduced? I didn't understand your concern. Here >is a little more information which may help: The code >which sets DRDA_PROP_TRACEDIRECTORY is called >before the security manager is installed, so there is no >need to grant write access to that property.
Looking more closely I see this is set only if installing the security manager. My concern was that if I used my own policy file it would fall over trying to set this property, but I tried it and that does not seem to be the case. If I use my own policy file it does not enter this code at all, so I think the change is ok after all.
was (Author: kmarsden):
Rick said:
>Could you explain the incompatibility which you see is >being introduced? I didn't understand your concern. Here >is a little more information which may help: The code >which sets DRDA_PROP_TRACEDIRECTORY is called >before the security manager is installed, so there is no >need to grant write access to that property.
Looking more closely I see this is set only if installing the security manager. My concern was that if I used my own policy file it would fall over trying to write this policy, but I tried it and that does not seem to be the case. If I use my own policy file it does not enter this code at all, so I think the change is ok after all.
> The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda tracing will work
> ---------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3086
> URL: https://issues.apache.org/jira/browse/DERBY-3086
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.3.1.4
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-3086-01-morePermissions-aa.diff
>
>
> More permissions need to be granted to derbynet.jar in the server.policy file. David van Couvering reports that if you bring up the server and run the following command:
> java -jar derbyrun.jar server sysinfo
> then you get security exceptions as the sysinfo code, running inside the network jarball tries to read user.dir, user.home, user.name, java.home, and java.class.path.
> Kathey Marsden reports that if you try to run the network server with drda tracing turned on, then you get security exceptions when the server tries to open the trace log file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.