db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kahat...@apache.org
Subject svn commit: r1292704 - in /db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication: AuthenticationServiceBase.java BasicAuthenticationServiceImpl.java
Date Thu, 23 Feb 2012 08:35:53 GMT
Author: kahatlen
Date: Thu Feb 23 08:35:53 2012
New Revision: 1292704

URL: http://svn.apache.org/viewvc?rev=1292704&view=rev
Log:
DERBY-5539: Harden password hashing in the builtin authentication service

Always generate a hashed token, also if there is no user with the
specified user name. This way, authentication failures take the same
amount of time regardless of the user's existence, which will make it
harder for attackers to tell whether a user exists.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java?rev=1292704&r1=1292703&r2=1292704&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
Thu Feb 23 08:35:53 2012
@@ -310,6 +310,26 @@ public abstract class AuthenticationServ
     }
 
     /**
+     * Get all the database properties.
+     * @return the database properties, or {@code null} if there is no
+     * access factory
+     */
+    Properties getDatabaseProperties() throws StandardException {
+        Properties props = null;
+
+        TransactionController tc = getTransaction();
+        if (tc != null) {
+            try {
+                props = tc.getProperties();
+            } finally {
+                tc.commit();
+            }
+        }
+
+        return props;
+    }
+
+    /**
      * <p>
      * Get the name of the database if we are performing authentication at the database level.
      * </p>
@@ -629,7 +649,7 @@ public abstract class AuthenticationServ
      *         or {@code null} if {@code password} is {@code null}
      * @throws StandardException if the specified algorithm is not supported
      */
-    private String encryptUsingDefaultAlgorithm(String user,
+    String encryptUsingDefaultAlgorithm(String user,
                                                 String password,
                                                 Dictionary props)
             throws StandardException

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java?rev=1292704&r1=1292703&r2=1292704&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/BasicAuthenticationServiceImpl.java
Thu Feb 23 08:35:53 2012
@@ -27,7 +27,7 @@ import org.apache.derby.iapi.reference.S
 import org.apache.derby.authentication.UserAuthenticator;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 import org.apache.derby.iapi.services.monitor.Monitor;
-import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.store.access.TransactionController;
 import org.apache.derby.iapi.error.StandardException;
 import org.apache.derby.iapi.util.StringUtil;
 import org.apache.derby.impl.jdbc.Util;
@@ -221,6 +221,27 @@ public final class BasicAuthenticationSe
         }
         else
         {
+            // DERBY-5539: Generate a hashed token even if the user is not
+            // defined at the database level (that is, the user is defined at
+            // the system level or does not exist at all). If we don't do that,
+            // authentication failures would take less time for non-existing
+            // users than they would for existing users, since generating the
+            // hashed token is a relatively expensive operation. Attackers
+            // could use this to determine if a user exists. By generating the
+            // hashed token also for non-existing users, authentication
+            // failures will take the same time for existing and non-existing
+            // users, and it will be more difficult for attackers to tell the
+            // difference.
+            try {
+                Properties props = getDatabaseProperties();
+                if (props != null) {
+                    encryptUsingDefaultAlgorithm(
+                            userName, userPassword, props);
+                }
+            } catch (StandardException se) {
+                throw Util.generateCsSQLException(se);
+            }
+
             // check if user defined at the system level
             definedUserPassword = getSystemProperty(userNameProperty);
             passedUserPassword = userPassword;



Mime
View raw message