db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1711) In an embedded env, connection happens properly even when the password supplied is wrong.
Date Tue, 22 Aug 2006 15:33:14 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1711?page=comments#action_12429746 ] 
Francois Orsini commented on DERBY-1711:

Hi Chinmay,

This is not a bug - The 'derby.connection.requireAuthentication' derby property is a static
one - Once it is set to true to turn on authentication, the database or derby instance needs
to be re-booted - So, if you set this property to true at the database level, just shutdown
the database and re-open a connection to that database for the property to be taken into account
during the following database boot...

However, the example in the guide does NOT do some proper testing in my opinion - it basically
checks if the properties have been set but it does NOT intrinsically check if authentication
has really been turned by doing more negative testing...The example also does NOT shutdown
and restart the database for the derby static properties to be taken into acount. This bug
should be converted into a documentation one - I also believe that we need to highlight more
the fact that the 'derby.connection.requireAuthentication' property is a static one...

Hope this helps - in the meantime...

> In an embedded env, connection happens properly even when the password supplied is wrong.
> -----------------------------------------------------------------------------------------
>                 Key: DERBY-1711
>                 URL: http://issues.apache.org/jira/browse/DERBY-1711
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions:
>         Environment: Win XP,Java 1.4.x
>            Reporter: Chinmay Bajikar
>         Attachments: derby.zip
> Hi,
> I am a new user of Derby.
> Have tried to set user authorization at the database level using the example given in
the Derby Dev Guide.(Page 85).
> The steps that I do are as follows,
> 1)Create a db (using create=true attribute in the connection url)
> 2) Connect to the db and set the appropriate properties i.e. set requireAuthentication
to true,provider to builtin, add a new user,passwrd and give it full access.
> 3) Set the default access level to noAccess.
> 4) Close this connection.
> 5) Now make a new connection using the user name/passwd.It connects fine.
> 6) Now try to make a new connection using a wrong user name and it gives a Connection
Refused exception.
> 7) Finally try giving a right username and wrong passwd and the connection still happens.
> Have attached the source file which does all these above steps for reproducing the issue.
> Thanks,
> Chinmay.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message