Running the Network Server Under the Security Manager

You should run the Network Server under the Java security manager. An example security policy file appears below. Please fine tune this policy to suit your needs. Keep in mind that opening up the server to all clients without limiting access via the policy listed below is a severe security risk.

//Recommended set of permissions to start and use the network server,
//assuming the 'd:/derby/lib' directory has been secured. 
//Fine tune based on your environment settings
grant codeBase "file:d:/derby/lib/-" {
permission java.io.FilePermission "${derby.system.home}${/}-", 
    "read, write, delete";
permission java.io.FilePermission "${user.dir}${/}-", "read, write, delete";
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "createClassLoader";
permission java.net.SocketPermission "myclientmachine.mydomain.com", "accept";
};
 
//Required set of permissions to stop the network server, assuming you have
// secured the 'd:/derby/lib' directory
//Remember to fine tune this as per your environment.
grant codeBase "file:d:/derby/lib/-"  {
//Following is required when server is started with "-h localhost" 
//or without the -h option
permission java.net.SocketPermission "localhost", "accept, connect, resolve"; 
permission java.net.SocketPermission "127.0.0.1", "accept, connect, resolve";
//The following is only required if the server is started with the -h <host> 
//option (else shutdown access will be denied).
permission java.net.SocketPermission "<host>:*", "accept, connect, resolve";
};

The following example shows how to start the network server in the default security manager (listening to clients from localhost only, which is the default behavior if the -h option is not used to start the server), assuming the policy file exists in d:/nwsvr.policy:

java -Djava.security.manager -Djava.security.policy=d:/nwsvr.policy
org.apache.derby.drda.NetworkServerControl start 

You can also achieve the same behavior with the following example, which makes explicit use of the -h option when starting the server:

java -Djava.security.manager -Djava.security.policy=d:/nwsvr.policy
org.apache.derby.drda.NetworkServerControl start -h localhost

The following example shows how to start the network server (assuming you start the server on the host machine myserver.mydomain.com) in the default security manager (listening to client requests originating from other machines only). This example also assumes that the policy file exists in d:/nwsvr.policy:

java -Djava.security.manager -Djava.security.policy=d:/nwsvr.policy
org.apache.derby.drda.NetworkServerControl start -h myserver.mydomain.com