db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Francois Orsini" <francois.ors...@gmail.com>
Subject Re: NetworkServerControl shutdown w/ authentication failing?
Date Fri, 22 Jun 2007 22:08:44 GMT
On 6/22/07, Knut Anders Hatlen <Knut.Hatlen@sun.com> wrote:
>
> David Van Couvering <david@vancouvering.com> writes:
>
> > I think "invalid authentication" is incorrect, because actually it
> > should be "this user is not authorized to shut down the database."
> > The authentication went fine, it's just they aren't authorized.  There
> > is security and there is being completely misleading.  The poor user
> > will scratch their heads, like Martin did, wondering what on earth is
> > wrong with their user and password, especially when they can log in to
> > do other things.
>
> Since the problem here is that the shutdown command in
> NetworkServerControl does not pick up the user name or the password, I
> think "invalid authentication" is correct. It tries to shut down the
> database using the default user and no password when
> derby.connection.requireAuthentication is true, hence it is not
> authenticated (whereas the default user may or may not be authorized to
> shut down the database).


Correct.

> On 6/21/07, Francois Orsini <francois.orsini@gmail.com> wrote:
> >>
> >>
> >> On 6/21/07, Knut Anders Hatlen <Knut.Hatlen@sun.com> wrote:
> >> > Martin Zaun <Martin.Zaun@Sun.COM> writes:
>
> >> > > - For better diagnostics, should the "Invalid authentication"
> message
> >> > >   tell the user name being used for authentication?
> >>
> >> We could have - this has been there for ages -  I think it was done
> >> originally for extra security ;-) One does not say anything about what
> went
> >> wrong with the credentials, one just fails to authenticate and the
> requester
> >> should know what to do to fix it (no guidance as far as what went wrong
> -
> >> other databases also do this - I remember having looked at other RDBMS
> but
> >> it was long ago).
>
> I don't think adding the user name to the error message would reduce the
> security. Sure, "User 'APP' does not exist" or "Invalid password for
> user 'APP'" would be problematic, as they would reveal whether or not a
> user existed. However, a message like "Invalid authentication for user
> 'APP'" would be OK since it doesn't say what went wrong, and it would be
> more useful since Martin (or any other user) would immediately see that
> the supplied user name had not been picked up.


Fair enough for the server (NetworkServerControl) - Yes, in this context it
is hard to find out which user has failed to authenticate. +1

--
> Knut Anders
>

Mime
View raw message