db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3150) BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.
Date Thu, 25 Oct 2007 18:20:50 GMT
BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers
when not quoted.
---------------------------------------------------------------------------------------------------------------

                 Key: DERBY-3150
                 URL: https://issues.apache.org/jira/browse/DERBY-3150
             Project: Derby
          Issue Type: Bug
          Components: JDBC, Security
    Affects Versions: 10.3.1.4, 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0, 10.0.2.1,
10.0.2.0, 10.4.0.0
            Reporter: Daniel John Debrunner


The documentation for the property derby.user.userName says "User names are SQL92Identifiers
and can be delimited." and has examples with delimited identifiers.

For a regular identifier (non-quoted) the user name to password mapping is not normalized
so that the user name is upper-case, this causes login failures when a user name is provided
that matches the normalized name, but does not match the value in the property name.

derby.user.dan=password

Logging in with user name dan works, but DAN or Dan will not.  Note that with any of these
user names provided to JDBC, the SQL CURRENT_USER will return DAN.

jdbc:derby:db;user=dan  // ok
jdbc:derby:db;user=Dan //not ok
jdbc:derby:db;user=DAN // not ok

Note that if the user name is normalized then the scheme would have to deal with this situation:

derby.user.dan=passwordOne
derby.user.DAN=passwordTwo

These two properties refer to the same user, but two passwords are being defined.

Test case in AuthenticationTest with this bug number.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message