db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2736) Connecting with an invalid user identifier performs authentication before rejecting the connection.
Date Thu, 31 May 2007 16:19:15 GMT
Connecting with an invalid user identifier performs authentication before rejecting the connection.
---------------------------------------------------------------------------------------------------

                 Key: DERBY-2736
                 URL: https://issues.apache.org/jira/browse/DERBY-2736
             Project: Derby
          Issue Type: Bug
          Components: Security
    Affects Versions: 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0, 10.0.2.1, 10.0.2.0,
10.3.0.0
            Reporter: Daniel John Debrunner
            Priority: Minor


Ideally no authentication attempt should be made because the user identifier is invalid.
E.g. with this URL

jdbc:derby:db1;user=123

the connection attempt will correctly fail but only after the authentication mechanism is
called.

If the application has installed its own UserAuthenticator class then that class will be called
with an invalid identifier.
I believe that the connection request should fail before calling any authentication, developers
should only be required
to handle valid identifiers.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message