
Network Server without a security policy

Derby Server and Administration Guide
//
permission java.io.FilePermission
"/usr/local/shoppingCartApp/backups/-", "read,write,delete";
//
// This permission lets you import data from
// a selected branch of the local file system:
//
permission java.io.FilePermission
"/usr/local/shoppingCartApp/imports/-", "read";
//
// This permission lets you export data to
// a selected branch of the local file system:
//
permission java.io.FilePermission
"/usr/local/shoppingCartApp/exports/-", "write";
//
// This permission lets you load your databases with jar files of
// application code
//
permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*",
"read";
// LDAP server on localhost using default LDAP port 389:
permission java.net.SocketPermission "localhost:389",
"connect,resolve";
};
grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
{
//
// This permission lets the Network Server manage connections from
// clients originating from the localhost, on any port.
//
permission java.net.SocketPermission "localhost:0-", "accept";
};
After customizing the Basic policy, you may bring up the Network Server as follows:
java -Djava.security.manager -Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy org.apache.derby.drda.NetworkServerControl start -h localhost
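Before starting the server with a customized policy, it helps to check that no grant became broader than the scoped ones above. The following is an added example, not part of the Derby guide: audit_policy, SAMPLE and the second grant's codeBase are constructed for illustration, and the three review rules (AllPermission, "<<ALL FILES>>", and accept from a non-local host) are this example's own assumptions about what deserves review.

```python
import re

# Constructed sample: the first grant mirrors the guide, the second is deliberately broad.
SAMPLE = '''
grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
{
  // localhost-only accept, wrapped over two lines as the guide prints it
  permission java.net.SocketPermission "localhost:0-",
    "accept";
};
grant codeBase "file:/opt/example/lib/example.jar"
{
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
  permission java.net.SocketPermission "*:0-", "accept,resolve";
  permission java.io.FilePermission "/usr/local/shoppingCartApp/imports/-", "read";
};
'''

# Quoted strings are matched first so "//" inside a URL is not taken for a comment.
_TOKEN = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
_GRANT = re.compile(r'grant\b((?:"[^"]*"|[^{"])*)\{(.*?)\}\s*;', re.S)
_PERM = re.compile(r'permission\s+([\w.$]+)((?:"[^"]*"|[^;"])*);')
LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}  # assumption: server is local-only

def audit_policy(text):
    """Return (codeBase, permission, reason) tuples for grants worth reviewing."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    findings = []
    for header, body in _GRANT.findall(text):
        cb = re.search(r'codeBase\s+"([^"]*)"', header)
        codebase = cb.group(1) if cb else "<all code>"
        for cls, rest in _PERM.findall(body):
            args = re.findall(r'"([^"]*)"', rest)  # target, then actions
            target = args[0] if args else ""
            actions = set(args[1].lower().replace(" ", "").split(",")) if len(args) > 1 else set()
            reason = None
            if cls == "java.security.AllPermission":
                reason = "grants every permission"
            elif cls == "java.io.FilePermission" and target == "<<ALL FILES>>":
                reason = "file access is not limited to an application directory"
            elif cls == "java.net.SocketPermission" and "accept" in actions:
                host = target.rsplit(":", 1)[0] if ":" in target else target
                if host.lower() not in LOCAL_HOSTS:
                    reason = "accepts connections from non-local hosts"
            if reason:
                findings.append((codebase, f'{cls} "{target}"', reason))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(finding)
```
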
Running the Network Server without a security policy
You may override the Network Server's default behavior of installing a security manager if,
for some reason, you need to run your application outside Java's security protections.
CAUTION: You incur a severe security risk by opening up the server to all clients without
limiting access via user authentication and a security policy.
Use the -noSecurityManager option to force the Network Server to come up without a
security manager. For example:
java org.apache.derby.drda.NetworkServerControl start -h localhost -noSecurityManager
Running the Network Server with User Authentication
By default, the Network Server boots with user authentication disabled. However, it
is strongly recommended that you run your Network Server with user authentication
enabled. For details on how to enable user authentication, please see "Working with user
authentication" in the Derby Developer's Guide.