Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 40566 invoked from network); 9 Sep 2005 17:00:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 9 Sep 2005 17:00:33 -0000 Received: (qmail 46102 invoked by uid 500); 9 Sep 2005 17:00:32 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 46076 invoked by uid 500); 9 Sep 2005 17:00:32 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Development" Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 46062 invoked by uid 99); 9 Sep 2005 17:00:32 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=SPF_FAIL X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Sep 2005 10:00:32 -0700 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 1028D331 for ; Fri, 9 Sep 2005 19:00:31 +0200 (CEST) Message-ID: <40570107.1126285231063.JavaMail.jira@ajax.apache.org> Date: Fri, 9 Sep 2005 19:00:31 +0200 (CEST) From: "Daniel John Debrunner (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-560) Provide finer grained security for connection attributes in Derby In-Reply-To: <586037637.1126284823296.JavaMail.jira@ajax.apache.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-560?page=comments#action_12323060 ] Daniel John Debrunner commented on DERBY-560: --------------------------------------------- For create databases I think Derby should at least match the shutdown system behaviour. For shutdown (jdbc:derby:;shutdown=true' the connection request must pass system authentication (if enabled). Logically create database should follow the same authentication check. > Provide finer grained security for connection attributes in Derby > ----------------------------------------------------------------- > > Key: DERBY-560 > URL: http://issues.apache.org/jira/browse/DERBY-560 > Project: Derby > Type: Improvement > Components: JDBC > Versions: 10.2.0.0 > Reporter: Kathey Marsden > > Currently if authentication is enabled in Derby, anyone who has access to a database can connect with any attributes. This makes sense as that is currently the only barrier to access to a Derby database. > With talk of adding GRANT/REVOKE to provide finer grained access, consideration should be given to also providing finer grained access to connection attributes, especially for Network Server. Giving any user that can access the system permission to shutdown and create databases at will could be an issue. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira