db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject [Fwd: [jira] Commented: (DERBY-1056) Print a security warning to derby.log and network server console if network server is started with remote connections enabled and security manager, user authentication, and ecrypted userid are not on]
Date Mon, 27 Feb 2006 19:31:04 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000000">
Are there any initial thoughts to require authentication for databases
that are accessible through network server, outside of localhost? While
this would change default behavior of network server, with more work
being done in authentication and authorization areas, should Derby
start <b>planning </b>to use authentication by default in the future
for network uses? I am <b>not </b>proposing changing default for
10.2. Any change in default would need sufficient warnings and ability
to default to previous behavior for existing customers, I think. Also,
I don't know how sufficient current authentication mechanisms that
Derby supports to users.<br>
Motivation for this suggestion is that all databases I have used enable
some kind of authentication by default, especially for network usages.
With Grant/Revoke work that I am doing, I also plan to raise a warning
if sqlAuthorization is enabled without authentication. All
authorization work without authentication being on doesn't make much
Just a wild idea ...<br>

View raw message