db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: Just how more secure is (will be) 10.3 than 10.2?
Date Tue, 05 Jun 2007 16:36:55 GMT
John Embretsen wrote:
> Daniel John Debrunner wrote:

>> Not sure on that basis if I would call 10.3 "safer". If there are N 
>> ways to break security and less than N is closed, then a system is not 
>> more secure.
> 
> I tend to disagree. There will _always_ be security holes in systems 
> such as Derby. Does that mean that we can never use the terms "more 
> secure" or "safer"? Of course, there are no guarantees, but hopefully we 
> are closing more (at least more severe) security holes than we are 
> introducing with this release. I would define this as being "more 
> secure" and "safer", though not "secure" nor "safe".

I think there's the problem, what security holes are being closed and 
which are being opened. Is there a positive net change that would make 
anyone (more?) comfortable running an unauthenticated server on their 
own machine?

> If this reasoning is not valid, would it also be wrong to say that Derby 
> 10.3 is safer than 10.0?

I hadn't thought about that much, I don't remember much improvement from 
10.0 to 10.2, so I would guess 10.3 is not more secure than 10.0. I'm 
talking about the situation where a network server is listening on a 
remote host without authentication and a user neglected to install a 
security manager. That is some claim that Derby 10.3 is more secure in 
that situation than before, I'm just doubting that claim. 10.3 can be 
made to be more secure than 10.0 due to security manager improvements, 
grant revoke etc, but that's not what the e-mail to the user list is 
addressing.

> Would it be wrong to say that using encryption is safer than not using 
> encryption at all?

Depends on where the key is stored. If it's a fixed key (e.g. in an 
application) or the key is easy to find then encryption is no more secure.

> For example, I know that the encryption in my home Wi-Fi network can be 
> cracked, but I still regard the system as safer (more secure) than my 
> neighbor's unencrypted Wi-Fi network.

And so would I, unless I could easily connect into your encrypted 
network without knowing the password or encryption key and change its 
configuration to no longer be secure. (Which is what 10.3 continues to 
allow).

The wi-fi networks are a interesting comparison. Their mode out of the 
box is insecure and allowing remote access. Derby's network server is 
insecure but disallowing remote access.

Dan.

Mime
View raw message