Running the Network Server
Derby Server and Administration Guide
43
In the following example, the server runs on host machine
sampleserver.example.com
and also listens for clients from other hosts. Clients
must specify the server in the URL or DataSource as sampleserver.example.com:
java org.apache.derby.drda.NetworkServerControl start
-h sampleserver.example.com
To start the Network Server so that it will listen on all interfaces, start with an IP address
of
0.0.0.0
, shown in the following example:
java org.apache.derby.drda.NetworkServerControl start -h 0.0.0.0
A server that is started with the
-h 0.0.0.0
option will listen to client requests that
originate from both
localhost
and from other machines on the network.
However, administrative commands (for example,
org.apache.derby.drda.NetworkServerControl shutdown
) can run only on
the host where the server was started, even if the server was started with the
-h
option.
Running the Network Server under the security manager
By default, the Network Server boots with a Basic security policy. You are encouraged
to customize this policy to fit the security needs of your application and its runtime
environment. You may also run the Network Server without a security manager, although
this is not recommended.
Basic Network Server security policy
If you boot the Network Server without specifying a security manager, the Network Server
will install a default Java security manager enforcing a Basic policy. This happens if you
boot the Network Server as your VM's entry point, e.g.:
java org.apache.derby.drda.NetworkServerControl start ...
Note that you should run your Network Server with user authentication and user
authorization enabled. For details on how to enable user authentication, see "Working
with user authentication" in the Derby Developer's Guide. For information on user
authorization, see "Users and authorization identifiers" and "User authorizations" in the
Derby Developer's Guide.
Some of your application code may run as procedures and functions which you have
declared using the CREATE PROCEDURE and CREATE FUNCTION statements. You
will need to add privileged blocks to your declared procedures and functions if they
perform sensitive operations such as file and network i/o, classloading, system property
reading, etc.
If for some reason you do not want to run your client/server application under a security
manager, you may override the Network Server's impulse to install a default policy. For
details, see
Note that the Network Server attempts to install a security manager only if you boot the
server as the entry point of your VM. The Network Server will not attempt to install a
security manager if you start the server from your application using the programmatic API
described in the following section:
.
You will find a template security policy in the Derby distribution at
demo/templates/server.policy. Most likely, you will want to customize this policy. For
example, probably you will want to restrict the server's liberal file i/o permissions which
let the server backup/restore and export/import to or from any location in the local file
