svn commit: r1029367 [3/3] - in /websites/production/db/content/derby/docs/10.14: adminguide/ devguide/ getstart/ publishedapi/ publishedapi/org/apache/derby/agg/ publishedapi/org/apache/derby/authentication/ publishedapi/org/apache/derby/catalog/ publ...


svn commit: r1029367 [3/3] - in /websites/production/db/content/derby/docs/10.14: adminguide/ devguide/ getstart/ publishedapi/ publishedapi/org/apache/derby/agg/ publishedapi/org/apache/derby/authentication/ publishedapi/org/apache/derby/catalog/ publ...

bpendleton
Modified: websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html
==============================================================================
--- websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html (original)
+++ websites/production/db/content/derby/docs/10.14/security/rsecnetservbasic.html Thu May  3 16:33:58 2018
@@ -98,10 +98,14 @@ grant codeBase "${derby.install.url}derb
   // This permission also lets you import/export data to and from
   // arbitrary locations in your file system.
   //
-  // You may want to restrict this access to specific directories.
+  // NOTE: this permission is commented out. You should NOT grant blanket
+  // permission to the entire filesystem! If you choose to use this
+  // permission to allow the server to access files outside of the
+  // server's home directory, you should name those specific directories
+  // in the permisson (that is, do NOT specify ALL FILES).
   //
-  permission java.io.FilePermission "<<ALL FILES>>",
-      "read,write,delete";
+  // permission java.io.FilePermission "<<ALL FILES>>",
+  //     "read,write,delete";
 
   // Permissions needed for JMX based management and monitoring.
   //
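Review bot: The added comment above the disabled `<<ALL FILES>>` grant tells readers to name specific directories but shows no scoped form to copy, and it misspells "permission" as "permisson". A commented example beside the disabled line would make the safe variant concrete, for instance `// permission java.io.FilePermission "/path/to/import-dir/-", "read,write,delete";` (placeholder path), with a reminder to drop `write,delete` where only reads are needed. It would also help to say that, with the line commented out, import/export outside the server's home directory is presumably refused until such a grant is added. The enclosing grant block starts and ends outside the hunk.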
@@ -187,10 +191,11 @@ grant codeBase "${derby.install.url}derb
   //
   //permission java.net.SocketPermission "*", "connect,resolve";
 
-  // Needed by sysinfo. The file permission is needed to
-  // check the existence of jars on the classpath. You can
-  // limit this permission to just the locations which hold
-  // your jar files.
+  // Needed by sysinfo. A file permission is needed to check the existence of
+  // jars on the classpath. Note that this permission is commented out!
+  // You should limit this permission to just the locations which hold
+  // your jar files; do NOT grant blanket permission to read the entire
+  // filesystem.
   //
   // In this template file, this block of permissions is granted
   // to derbynet.jar under the assumption that derbynet.jar is
@@ -212,7 +217,8 @@ grant codeBase "${derby.install.url}derb
   permission java.util.PropertyPermission "java.runtime.version", "read";
   permission java.util.PropertyPermission "java.fullversion", "read";
   permission java.lang.RuntimePermission "getProtectionDomain";
-  permission java.io.FilePermission "<<ALL FILES>>", "read";
+  // permission java.io.FilePermission "${derby.install.directory}${/}-",
+  //     "read";
 };</pre>
 
 </div>
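Review bot: The commented-out replacement after the `getProtectionDomain` line relies on `${derby.install.directory}`, which is not defined in any visible hunk; only `${derby.install.url}` appears in the grant header. A Java policy permission entry whose property cannot be expanded is ignored, so a reader who uncomments it as written may end up with no grant and little indication why. I would add a comment such as `// Set derby.install.directory (e.g. with -D) or replace it with the absolute path of your jar directory before uncommenting.` The "Needed by sysinfo" comment in the preceding hunk could also state that sysinfo's classpath jar check is unavailable while the line stays commented out. The grant block begins outside the hunk.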

Modified: websites/production/db/content/derby/docs/10.14/security/secderby.pdf
==============================================================================
Binary files - no diff available.

Modified: websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html
==============================================================================
--- websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html (original)
+++ websites/production/db/content/derby/docs/10.14/security/tsecnetservrun.html Thu May  3 16:33:58 2018
@@ -54,11 +54,19 @@ manager, the Network Server installs a d
 enforces a Basic policy.</p>
 
 <div class="section">
-<p>You are encouraged to customize this policy to fit the security needs of your
+<p>You are strongly encouraged to customize this policy to fit the security needs of your
 application and its runtime environment.</p>
 
 <p>You may also run the Network Server without a security manager, although this
-is not recommended.</p>
+is not recommended.
+Without a security manager in place, the Network Server should not
+be deployed in such a manner as to allow for connections from untrusted
+networks.
+A firewall or other security tool should be used in such a scenario.</p>
+
+<p>A firewall or other security tool is also good practice
+in addition to running the Network Server with a carefully-written
+security policy file.</p>
 
 <p>The default policy is used if you boot the Network Server as your VM's entry
 point, using a command like the following:</p>

Modified: websites/production/db/content/derby/docs/10.14/tools/derbytools.pdf
==============================================================================
Binary files - no diff available.

Modified: websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html
==============================================================================
--- websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html (original)
+++ websites/production/db/content/derby/docs/10.14/tools/rtoolscopyright.html Thu May  3 16:33:58 2018
@@ -39,7 +39,7 @@
 
 <div>
 <div class="section"> <p><img src="../images/logowithtext.jpg" alt="Logo for Apache&#10;Derby" /></p>
- <p>Copyright 2004-2017 The Apache Software Foundation</p>
+ <p>Copyright 2004-2018 The Apache Software Foundation</p>
  <p> Licensed
 under the Apache License, Version 2.0 (the "License"); you may not use this
 file except in compliance with the License. You may obtain a copy of the License

Modified: websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html
==============================================================================
--- websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html (original)
+++ websites/production/db/content/derby/docs/10.14/tuning/rtuncopyright.html Thu May  3 16:33:58 2018
@@ -39,7 +39,7 @@
 
 <div>
 <div class="section"> <p><img src="../images/logowithtext.jpg" alt="Logo for Apache&#10;Derby" /></p>
- <p>Copyright 2004-2017 The Apache Software Foundation</p>
+ <p>Copyright 2004-2018 The Apache Software Foundation</p>
  <p> Licensed
 under the Apache License, Version 2.0 (the "License"); you may not use this
 file except in compliance with the License. You may obtain a copy of the License

Modified: websites/production/db/content/derby/docs/10.14/tuning/tuningderby.pdf
==============================================================================
Binary files - no diff available.