db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knut Anders Hatlen <Knut.Hat...@Sun.COM>
Subject Re: NetworkServerControl shutdown w/ authentication failing?
Date Fri, 22 Jun 2007 08:46:23 GMT
David Van Couvering <david@vancouvering.com> writes:

> I think "invalid authentication" is incorrect, because actually it
> should be "this user is not authorized to shut down the database."
> The authentication went fine, it's just they aren't authorized.  There
> is security and there is being completely misleading.  The poor user
> will scratch their heads, like Martin did, wondering what on earth is
> wrong with their user and password, especially when they can log in to
> do other things.

Since the problem here is that the shutdown command in
NetworkServerControl does not pick up the user name or the password, I
think "invalid authentication" is correct. It tries to shut down the
database using the default user and no password when
derby.connection.requireAuthentication is true, hence it is not
authenticated (whereas the default user may or may not be authorized to
shut down the database).

> On 6/21/07, Francois Orsini <francois.orsini@gmail.com> wrote:
>> On 6/21/07, Knut Anders Hatlen <Knut.Hatlen@sun.com> wrote:
>> > Martin Zaun <Martin.Zaun@Sun.COM> writes:

>> > > - For better diagnostics, should the "Invalid authentication" message
>> > >   tell the user name being used for authentication?
>> We could have - this has been there for ages -  I think it was done
>> originally for extra security ;-) One does not say anything about what went
>> wrong with the credentials, one just fails to authenticate and the requester
>> should know what to do to fix it (no guidance as far as what went wrong -
>> other databases also do this - I remember having looked at other RDBMS but
>> it was long ago).

I don't think adding the user name to the error message would reduce the
security. Sure, "User 'APP' does not exist" or "Invalid password for
user 'APP'" would be problematic, as they would reveal whether or not a
user existed. However, a message like "Invalid authentication for user
'APP'" would be OK since it doesn't say what went wrong, and it would be
more useful since Martin (or any other user) would immediately see that
the supplied user name had not been picked up.

Knut Anders

View raw message