db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: no protection of db boot - intended?
Date Tue, 27 Feb 2007 19:12:34 GMT
Hi Dag,

Not sure I understand this completely - What do you mean by "Thus, an
invalid user is allowed to change the database state"? if the database is
booted and left opened, it still requires users to authenticate to get a
valid connection to it, _if_ derby.connection.requireAuthentication was set
to true. The database can stay open as it is required to be online so that
user authentication works...Yes, we could shut it down again if it was not
being booted before *but* then one also has to handle the possibility of
concurrent user authentication requests and if the first one requiring the
db to be booted in the first place, should we shut it down then? I mean yes
we could do and try such a thing but it's not like the database data are
being made available since no invalid user will be able to authenticate
anyway...This is *not* a denial-of-service attack - Again, the db data is
not made available to invalid user(s)...

--francois

On 2/26/07, Dag H. Wanvik <Dag.Wanvik@sun.com> wrote:
>
>
> Working on DERBY-2264, I notice (again) that booting a database is not
> protected in any way.  Currently, even when authentication
> (derby.connection.requireAuthentication) is turned on, any user can
> leave the database in a booted state: If not already booted, the
> database potentially needs to be booted to authenticate. However, if
> authentication fails, the database is not shut down again. Thus, an
> invalid user is allowed to change the database state. I think this is
> somewhat surprising for an end user. Is there a reason for this
> behavior? If not, I will file a JIRA for fixing it.
>
> Thanks,
> Dag
>

Mime
View raw message