db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1056) Print a security warning to derby.log and network server console if network server is started with remote connections enabled and security manager, user authentication, and encrypted userid are not on
Date Sun, 26 Feb 2006 23:22:35 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1056?page=comments#action_12367867 ] 

Daniel John Debrunner commented on DERBY-1056:
----------------------------------------------

Interesting scenario, the DA vs. the Public Defender. There might be issues, but I think for
the ones you state the DA would public defender would require root access to the machine to
snoop the loopback driver. Once an untrusted person has root access then the derby network
server is the least of their worries.

> Print a security warning to derby.log and network server console if network server is started with remote connections enabled and security manager, user authentication, and encrypted userid are not on
> ----------------------------------------------
>
>          Key: DERBY-1056
>          URL: http://issues.apache.org/jira/browse/DERBY-1056
>      Project: Derby
>         Type: Improvement
>   Components: Network Server, Security
>     Reporter: Kathey Marsden
>      Fix For: 10.2.0.0

>
> Information and questions from the user list seem to indicate that often users enable remote connections by starting network server with the -h 0.0.0.0 or -h <machinename> option without taking proper security measures. I think it would be worthwhile to print a security warning to the console and derby.log if network server is started without the proper security in place.
> Serious security issues exist when starting network server and allowing remote connections unless users:
> - Run in security manager with permissions restricted as much as possible.
> - Enable user authentication
> - Use encrypted userid/password (Currently only available with IBMJCE)
> - Maybe also print a warning if bootPassword is sent in the connectionAttributes, since this cannot be encrypted. (I had thought there was a jira issue for this but can't find it.)
> Even when started with the localhost default there can be security issues if the machine itself is not secure.
> An example of such an attack might include creating databases until the host machine disk filled up, deleting all user data etc.
> Related issues:
> DERBY-65
> DERBY-474
> DERBY-528
> DERBY-962

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
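
The startup check proposed in DERBY-1056 above, written out as an added example; it is not part of the original message and not Derby's code. The class and method names are hypothetical, the loopback test is a literal-string simplification, and it assumes the server properties `derby.connection.requireAuthentication` and `derby.drda.securityMechanism` (the latter documented in later Derby releases) are how authentication and encrypted userid/password are switched on.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

/** Hypothetical helper, not Derby code: builds the warnings DERBY-1056 asks for. */
public class StartupSecurityCheck {

    /** Simplification: only these literals count as "local connections only". */
    static boolean isRemote(String host) {
        return !(host == null || host.equals("localhost")
                || host.equals("127.0.0.1") || host.equals("::1"));
    }

    /**
     * host: the value given to -h; props: the server's Derby properties;
     * securityManagerInstalled: whether the JVM runs under a security manager.
     */
    static List<String> warnings(String host, Properties props,
                                 boolean securityManagerInstalled) {
        List<String> out = new ArrayList<>();
        if (!isRemote(host)) {
            return out; // the issue only proposes warning for remote listeners
        }
        if (!securityManagerInstalled) {
            out.add("remote connections enabled without a security manager");
        }
        if (!Boolean.parseBoolean(
                props.getProperty("derby.connection.requireAuthentication", "false"))) {
            out.add("remote connections enabled without user authentication");
        }
        // Assumed property/value for requiring encrypted userid and password.
        if (!"ENCRYPTED_USER_AND_PASSWORD_SECURITY".equals(
                props.getProperty("derby.drda.securityMechanism"))) {
            out.add("remote connections enabled without encrypted userid/password");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: server started with -h 0.0.0.0 and nothing configured.
        Properties props = new Properties();
        for (String w : warnings("0.0.0.0", props, false)) {
            System.out.println("WARNING: " + w);
        }
        // With the default localhost host the list is empty.
        System.out.println(warnings("localhost", props, false).size());
    }
}
```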
