db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: NetworkServerControl shutdown w/ authentication failing?
Date Thu, 21 Jun 2007 22:55:16 GMT
On 6/21/07, Knut Anders Hatlen <Knut.Hatlen@sun.com> wrote:
>
> Martin Zaun <Martin.Zaun@Sun.COM> writes:
>
> > Hi,
> >
> > there seems to be an issue with 'NetworkServerControl shutdown' and
> > authentication.  Your comments appreciated.
> >
> > Here's what I'm doing:
>
> [...]
>
> > 3) What does NOT work and results in a server crash: run shutdown
> >    from NetworkServerControl with authentication (restarted server):
> >
> > java -Dderby.connection.requireAuthentication=true
> >      -Dderby.authentication.provider=BUILTIN
> >      -Dderby.user.MARTIN=martinspassword
> >      -Dderby.database.sqlAuthorization=true
> >      org.apache.derby.drda.NetworkServerControl shutdown
> >
> >    This command makes the server process terminate after this message:
> >
> > Derby shutdown warning:
> >  Connection refused : Invalid authentication.
> > Apache Derby Network Server - 10.4.0.0 alpha - (549159M) shutdown at
> 2007-06-20
> > 22:52:59.093 GMT
> >
> >    Some printlns I put into
> >        org.apache.derby.jdbc.InternalDriver.connect()
> >    suggest that the wrong user name 'APP' (instead of 'MARTIN') is being
> >    used for authentication:
> >
> > --> InternalDriver.connect()
> > connect(): finfo = {shutdown=true}
> > connect(): IdUtil.getUserNameFromURLProps(finfo) = APP
> >
> >
> > Questions:
> >
> > - Was I using the authentication properties correctly for 'shutdown'?
>
> I don't think the shutdown command recognizes these properties, but it
> would be great if there were some way to set username/password for it.


That is correct, it does not - This is stepping into the realm of system
privileges - the SHUTDOWN operation is a  system privilege one. For
instance, one would not want *any* authenticated user to be able to shutdown
a server or a database if he/she is not authorized to do so (e.g. Admin
user).

> - An authentication failure ("Derby shutdown warning") should not result
> >   in the termination (or crash) of the server process, right?
>
> Actually, the server doesn't crash, it just shuts down because it got a
> shutdown command. The authentication failure is not for the server
> shutdown, but for a clean-up operation (invoking a clean shutdown of the
> database) performed during server shutdown. This clean-up is not
> required for shutting down the server, it only makes the shutdown
> cleaner (that is, we don't have to run recovery the next time we boot
> the database). That's also why it's only a warning, not an error. Note
> that the server shutdown only tries to shut down the database if the
> server was started from the command line, otherwise the booted databases
> are left running.
>
> > - For better diagnostics, should the "Invalid authentication" message
> >   tell the user name being used for authentication?


We could have - this has been there for ages -  I think it was done
originally for extra security ;-) One does not say anything about what went
wrong with the credentials, one just fails to authenticate and the requester
should know what to do to fix it (no guidance as far as what went wrong -
other databases also do this - I remember having looked at other RDBMS but
it was long ago).


+1
>
> --
> Knut Anders
>

Mime
View raw message