db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2407) A connection attempt by an unauthorized user leaves a previously non-booted database booted
Date Tue, 06 Mar 2007 19:55:24 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12478542
] 

Dag H. Wanvik commented on DERBY-2407:
--------------------------------------

by Daniel John Debrunner-2 Feb 27, 2007; 07:27pm 

Not sure there's a reason for the behaviour, but I'm not sure the fix is
obvious.

1) If a boot with failed authentication shuts the database down, then at
least it has to ensure that no valid user has connected to it since it
was booted.

2) Having such a request shutdown the database might actually increase
the potential of a denial of service attack. More work would be
performed for an invalid request, thus consuming more cpu time on the
machine.

3) Which "end-user" do you mean above? A remote user can't tell that the
database was booted or not so it's not surprising to them. :-)

Dan. 

> A connection attempt by an unauthorized user leaves a previously non-booted database
booted
> -------------------------------------------------------------------------------------------
>
>                 Key: DERBY-2407
>                 URL: https://issues.apache.org/jira/browse/DERBY-2407
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
>            Reporter: Dag H. Wanvik
>            Priority: Minor
>
> File this as a placeholder for the discussion started in 
> http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html
> This may or may not be a behavior we would like to change.
> (first mail):
> Working on DERBY-2264, I notice (again) that booting a database is not
> protected in any way.  Currently, even when authentication
> (derby.connection.requireAuthentication) is turned on, any user can
> leave the database in a booted state: If not already booted, the
> database potentially needs to be booted to authenticate. However, if
> authentication fails, the database is not shut down again. Thus, an
> invalid user is allowed to change the database state. I think this is
> somewhat surprising for an end user. Is there a reason for this
> behavior?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message