db-derby-dev mailing list archives

From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject Re: no protection of db boot - intended?
Date Wed, 28 Feb 2007 21:28:33 GMT

Hi Francois,

Thanks for your reply. Please (also) see my reply to Dan.

Francois Orsini <francois.orsini@gmail.com> writes:

> Not sure I understand this completely - What do you mean by "Thus, an
> invalid user is allowed to change the database state"? if the database is

I meant the boot state, which may be significant for a DBA.

> booted and left opened, it still requires users to authenticate to get a
> valid connection to it, _if_ derby.connection.requireAuthentication was set
> to true. The database can stay open as it is required to be online so that
> user authentication works...Yes, we could shut it down again if it was not
> being booted before *but* then one also has to handle the possibility of
> concurrent user authentication requests and if the first one requiring the
> db to be booted in the first place, should we shut it down then? I mean yes
> we could do and try such a thing but it's not like the database data are
> being made available since no invalid user will be able to authenticate
> anyway...This is *not* a denial-of-service attack - Again, the db data is
> not made available to invalid user(s)...

Dag
