db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Embretsen <John.Embret...@Sun.COM>
Subject Re: Just how more secure is (will be) 10.3 than 10.2?
Date Wed, 06 Jun 2007 14:25:01 GMT
Daniel John Debrunner wrote:
> John Embretsen wrote:
>> Daniel John Debrunner wrote:
>> If this reasoning is not valid, would it also be wrong to say that 
>> Derby 10.3 is safer than 10.0?
> 
> I hadn't thought about that much, I don't remember much improvement from 
> 10.0 to 10.2, so I would guess 10.3 is not more secure than 10.0. I'm 
> talking about the situation where a network server is listening on a 
> remote host without authentication and a user neglected to install a 
> security manager. That is some claim that Derby 10.3 is more secure in 
> that situation than before, I'm just doubting that claim. 10.3 can be 
> made to be more secure than 10.0 due to security manager improvements, 
> grant revoke etc, but that's not what the e-mail to the user list is 
> addressing.

The e-mail to the user list claimed that 10.3 was safer because a Security 
Manager would be installed if the user neglected to install one. You listed 
several remote user actions that were more secure because of this. What I was 
trying to say was that my interpretation of that list is that 10.3 is (somewhat) 
more secure (out of the box), because an adversary will have fewer good options 
to try when attacking.

>> Would it be wrong to say that using encryption is safer than not using 
>> encryption at all?
> 
> Depends on where the key is stored. If it's a fixed key (e.g. in an 
> application) or the key is easy to find then encryption is no more secure.

The attacker still has to jump through an extra hoop or two in order to find the 
key (of course, it depends on how easy it is to find it) or crack the 
encryption, which means that the probability of a successful attack has been 
reduced (for example, a lazy attacker might rather move on to some other easily 
accessible target). I'd call that (slightly) more secure.

>> For example, I know that the encryption in my home Wi-Fi network can 
>> be cracked, but I still regard the system as safer (more secure) than 
>> my neighbor's unencrypted Wi-Fi network.
> 
> And so would I, unless I could easily connect into your encrypted 
> network without knowing the password or encryption key and change its 
> configuration to no longer be secure. (Which is what 10.3 continues to 
> allow).
> 
> The wi-fi networks are a interesting comparison. Their mode out of the 
> box is insecure and allowing remote access. Derby's network server is 
> insecure but disallowing remote access.

Yes, it's comforting to know that we could always do worse ;)


-- 
John



Mime
View raw message