db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph
Date Wed, 08 Aug 2007 20:50:59 GMT

    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518546

Kim Haase commented on DERBY-1823:

Francois, your second comment is easily fixed in the map file, but I need a bit of clarification
on how to fix the first. 

Are you suggesting that we provide a complete program example that would start the database,
call the first method, stop the database, restart the database, connect to the database using
some of the users created by the first method, fail to add data to the database as a guest,
succeed in adding data to the database as a full user, then call the second method to remove
the users, and shut down the database again? This would be a long and complicated program,
and I'm afraid the actual property-setting methods would get lost in it. Also I think there
would have to be two different versions for embedded and client-server, since the database
startup and shutdown can be done within the program using the embedded driver, but must be
done outside the program for the client driver.

Or is it enough to state that the user would have to do all those things?

By the way, there seems to be another problem with the topic. It begins "The following two
examples from the sample database ..." However, I don't think we supply this database with
Derby any more. Do we? I can't find them in the demo directory.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples
> --------------------------------------------------------------------------------------------------------------
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions:
>            Reporter: Francois Orsini
>            Priority: Minor
> There is a couple of issues with the paragraph/section  "User authentication and authorization
extended examples" in the developer's guide
> http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure26537.html
> 1) The methods turnOnBuiltInUsers() & turnOffBuiltInUsers() do NOT shutdown and reboot
the database for which the 'derby.connection.requireAuthentication' authentication database
property is being set - as this last one is a derby static property, it will not be taken
into account until the database is rebooted (or the whole derby engine instance). Hence, the
2 checks for "Confirming requireAuthentication" is misleading as the property value is changed
_but_ the actual database authentication enabling/disabling has not changed since it was last
booted. Database needs to be shutdown and rebooted after 'derby.connection.requireAuthentication'
is set and then some negative testing of invalid user connection needs to be added to show
that only valid users can connect (in the case, authentication is being enabled).
> 2) Paragraph (extended examples section) also needs to be moved at the same level as
the 2 above such as:
>   "User authentication example in a single-user, embedded environment"
>   http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure125.html
>   "User authentication example in a client/server environment"
>   http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure13713.html
> since the extended examples (once fixed - see 1)) can be applied in both a client-server
and embedded environments context.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message