Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 80737 invoked from network); 6 Mar 2007 19:57:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Mar 2007 19:57:46 -0000 Received: (qmail 48270 invoked by uid 500); 6 Mar 2007 19:57:53 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 48247 invoked by uid 500); 6 Mar 2007 19:57:53 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 48238 invoked by uid 99); 6 Mar 2007 19:57:53 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Mar 2007 11:57:53 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Mar 2007 11:57:44 -0800 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 2CB0271409E for ; Tue, 6 Mar 2007 11:57:24 -0800 (PST) Message-ID: <6211006.1173211044179.JavaMail.root@brutus> Date: Tue, 6 Mar 2007 11:57:24 -0800 (PST) From: "Dag H. Wanvik (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-2407) A connection attempt by an unauthorized user leaves a previously non-booted database booted In-Reply-To: <32035231.1173210804190.JavaMail.root@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12478543 ] Dag H. Wanvik commented on DERBY-2407: -------------------------------------- by Francois Orsini Feb 27, 2007; 08:12pm Hi Dag, Not sure I understand this completely - What do you mean by "Thus, an invalid user is allowed to change the database state"? if the database is booted and left opened, it still requires users to authenticate to get a valid connection to it, _if_ derby.connection.requireAuthentication was set to true. The database can stay open as it is required to be online so that user authentication works...Yes, we could shut it down again if it was not being booted before *but* then one also has to handle the possibility of concurrent user authentication requests and if the first one requiring the db to be booted in the first place, should we shut it down then? I mean yes we could do and try such a thing but it's not like the database data are being made available since no invalid user will be able to authenticate anyway...This is *not* a denial-of-service attack - Again, the db data is not made available to invalid user(s)... > A connection attempt by an unauthorized user leaves a previously non-booted database booted > ------------------------------------------------------------------------------------------- > > Key: DERBY-2407 > URL: https://issues.apache.org/jira/browse/DERBY-2407 > Project: Derby > Issue Type: Improvement > Components: Services > Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0 > Reporter: Dag H. Wanvik > Priority: Minor > > File this as a placeholder for the discussion started in > http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html > This may or may not be a behavior we would like to change. > (first mail): > Working on DERBY-2264, I notice (again) that booting a database is not > protected in any way. Currently, even when authentication > (derby.connection.requireAuthentication) is turned on, any user can > leave the database in a booted state: If not already booted, the > database potentially needs to be booted to authenticate. However, if > authentication fails, the database is not shut down again. Thus, an > invalid user is allowed to change the database state. I think this is > somewhat surprising for an end user. Is there a reason for this > behavior? -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.