db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Van Couvering" <da...@vancouvering.com>
Subject Re: NetworkServerControl shutdown w/ authentication failing?
Date Fri, 22 Jun 2007 00:04:45 GMT
I think "invalid authentication" is incorrect, because actually it
should be "this user is not authorized to shut down the database."
The authentication went fine, it's just they aren't authorized.  There
is security and there is being completely misleading.  The poor user
will scratch their heads, like Martin did, wondering what on earth is
wrong with their user and password, especially when they can log in to
do other things.

I highly recommend this be changed to a more helpful message
indicating the user is not authorized to perform the operation.

David

On 6/21/07, Francois Orsini <francois.orsini@gmail.com> wrote:
>
>
> On 6/21/07, Knut Anders Hatlen <Knut.Hatlen@sun.com> wrote:
> > Martin Zaun <Martin.Zaun@Sun.COM> writes:
> >
> > > Hi,
> > >
> > > there seems to be an issue with 'NetworkServerControl shutdown' and
> > > authentication.  Your comments appreciated.
> > >
> > > Here's what I'm doing:
> >
> > [...]
> >
> > > 3) What does NOT work and results in a server crash: run shutdown
> > >    from NetworkServerControl with authentication (restarted server):
> > >
> > > java -Dderby.connection.requireAuthentication=true
> > >      -Dderby.authentication.provider=BUILTIN
> > >      -Dderby.user.MARTIN=martinspassword
> > >      -Dderby.database.sqlAuthorization=true
> > >       org.apache.derby.drda.NetworkServerControl
> shutdown
> > >
> > >    This command makes the server process terminate after this message:
> > >
> > > Derby shutdown warning:
> > >  Connection refused : Invalid authentication.
> > > Apache Derby Network Server - 10.4.0.0 alpha - (549159M) shutdown at
> 2007-06-20
> > > 22:52:59.093 GMT
> > >
> > >    Some printlns I put into
> > >        org.apache.derby.jdbc.InternalDriver.connect ()
> > >    suggest that the wrong user name 'APP' (instead of 'MARTIN') is being
> > >    used for authentication:
> > >
> > > --> InternalDriver.connect()
> > > connect(): finfo = {shutdown=true}
> > > connect(): IdUtil.getUserNameFromURLProps(finfo) = APP
> > >
> > >
> > > Questions:
> > >
> > > - Was I using the authentication properties correctly for 'shutdown'?
> >
> > I don't think the shutdown command recognizes these properties, but it
> > would be great if there were some way to set username/password for it.
>
> That is correct, it does not - This is stepping into the realm of system
> privileges - the SHUTDOWN operation is a  system privilege one. For
> instance, one would not want *any* authenticated user to be able to shutdown
> a server or a database if he/she is not authorized to do so ( e.g. Admin
> user).
>
> > > - An authentication failure ("Derby shutdown warning") should not result
> > >   in the termination (or crash) of the server process, right?
> >
> > Actually, the server doesn't crash, it just shuts down because it got a
> > shutdown command. The authentication failure is not for the server
> > shutdown, but for a clean-up operation (invoking a clean shutdown of the
> > database) performed during server shutdown. This clean-up is not
> > required for shutting down the server, it only makes the shutdown
> > cleaner (that is, we don't have to run recovery the next time we boot
> > the database). That's also why it's only a warning, not an error. Note
> > that the server shutdown only tries to shut down the database if the
> > server was started from the command line, otherwise the booted databases
> > are left running.
> >
> > > - For better diagnostics, should the "Invalid authentication" message
> > >   tell the user name being used for authentication?
>
> We could have - this has been there for ages -  I think it was done
> originally for extra security ;-) One does not say anything about what went
> wrong with the credentials, one just fails to authenticate and the requester
> should know what to do to fix it (no guidance as far as what went wrong -
> other databases also do this - I remember having looked at other RDBMS but
> it was long ago).
>
>
> > +1
> >
> > --
> > Knut Anders
> >
>
>

Mime
View raw message