db-derby-dev mailing list archives

From "Francois Orsini (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph
Date Wed, 24 Oct 2007 00:14:50 GMT

    [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537177
] 

Francois Orsini commented on DERBY-1823:
----------------------------------------

Changes look good, Kim. I guess we want to inform the users that these samples are making use
of Derby's built-in authentication mechanism (aka connection authorization in Derby) but they
could also use ANSI SQL Standard GRANT/REVOKE object statements (aka SQL Authorization in
Derby) and find more information by pointing them to http://db.apache.org/derby/docs/dev/devguide/devguide-single.html#cdevcsecure36595
Feel free to file a new JIRA if you think it is needed. I was just trying to make sure that
by looking at these samples, users miss the fact that Derby also has support for GRANT/REVOKE.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples
section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823.diff,
DERBY-1823.zip
>
>
> There are a couple of issues with the paragraph/section "User authentication and authorization extended examples" in the developer's guide
> http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure26537.html
> 1) The methods turnOnBuiltInUsers() & turnOffBuiltInUsers() do NOT shut down and reboot the database for which the 'derby.connection.requireAuthentication' authentication database property is being set - as this last one is a Derby static property, it will not be taken into account until the database is rebooted (or the whole Derby engine instance). Hence, the 2 checks for "Confirming requireAuthentication" are misleading as the property value is changed _but_ the actual database authentication enabling/disabling has not changed since it was last booted. The database needs to be shut down and rebooted after 'derby.connection.requireAuthentication' is set and then some negative testing of invalid user connection needs to be added to show that only valid users can connect (in the case authentication is being enabled).
> 2) The paragraph (extended examples section) also needs to be moved to the same level as the 2 above, such as:
>   "User authentication example in a single-user, embedded environment"
>   http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure125.html
>   "User authentication example in a client/server environment"
>   http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure13713.html
> since the extended examples (once fixed - see 1)) can be applied in both client-server and embedded environment contexts.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
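
The reboot and negative test that item 1) of the issue asks for, as an added example that is not part of this message or of the Derby Developer's Guide. It assumes an embedded Derby jar with JDBC 4 driver autoloading on the classpath; the database name `authDemoDB`, the user `sa`, the user `mallory` and both passwords are constructed for illustration.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class RequireAuthRebootCheck {
    // Hypothetical database URL and credentials, constructed for this example.
    static final String DB = "jdbc:derby:authDemoDB";
    static final String USER = "sa", PWD = "saPwd1";

    public static void main(String[] args) throws SQLException {
        // First boot: authentication is not enforced yet, so this connection succeeds.
        try (Connection c = DriverManager.getConnection(DB + ";create=true", USER, PWD)) {
            setProp(c, "derby.user." + USER, PWD);
            setProp(c, "derby.authentication.provider", "BUILTIN");
            setProp(c, "derby.connection.requireAuthentication", "true");
        }
        // The value is now stored, but it is only read when the database boots.
        // Shut the database down so the next connection reboots it.
        try {
            DriverManager.getConnection(DB + ";shutdown=true", USER, PWD);
        } catch (SQLException e) {
            // A successful single-database shutdown is reported as SQLState 08006.
            if (!"08006".equals(e.getSQLState())) throw e;
        }
        // Positive test: the defined user can still connect after the reboot.
        try (Connection c = DriverManager.getConnection(DB, USER, PWD)) {
            System.out.println("valid user connected after reboot");
        }
        // Negative test: an undefined user must now be rejected (SQLState 08004).
        try (Connection c = DriverManager.getConnection(DB, "mallory", "guess")) {
            throw new IllegalStateException("authentication is NOT being enforced");
        } catch (SQLException e) {
            if (!"08004".equals(e.getSQLState())) throw e;
            System.out.println("invalid user rejected: " + e.getSQLState());
        }
    }

    // Sets a database-wide property through Derby's system procedure.
    static void setProp(Connection c, String key, String value) throws SQLException {
        try (CallableStatement cs =
                 c.prepareCall("CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, key);
            cs.setString(2, value);
            cs.execute();
        }
    }
}
```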

