db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2407) A connection attempt by an unauthorized user leaves a previously non-booted database booted
Date Tue, 06 Mar 2007 19:53:24 GMT
A connection attempt by an unauthorized user leaves a previously non-booted database booted
-------------------------------------------------------------------------------------------

                 Key: DERBY-2407
                 URL: https://issues.apache.org/jira/browse/DERBY-2407
             Project: Derby
          Issue Type: Improvement
          Components: Services
    Affects Versions: 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0, 10.0.2.1, 10.0.2.0
            Reporter: Dag H. Wanvik
            Priority: Minor


File this as a placeholder for the discussion started in 
http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html

This may or may not be a behavior we would like to change.

(first mail):
Working on DERBY-2264, I notice (again) that booting a database is not
protected in any way.  Currently, even when authentication
(derby.connection.requireAuthentication) is turned on, any user can
leave the database in a booted state: If not already booted, the
database potentially needs to be booted to authenticate. However, if
authentication fails, the database is not shut down again. Thus, an
invalid user is allowed to change the database state. I think this is
somewhat surprising for an end user. Is there a reason for this
behavior?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message