db-derby-dev mailing list archives

From "John H. Embretsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3271) Using BUILTIN authentication, I can't log in as database creator after storing credentials in the database.
Date Wed, 12 Dec 2007 16:33:43 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551020 ]

John H. Embretsen commented on DERBY-3271:
------------------------------------------

I created a new issue, DERBY-3272. Could this be what you are seeing?

Details:
If the password, when stored as a database property, is also defined on the command line,
the password will be stored in cleartext in the database (a bug). Then, on the next connection
when the supplied password is compared against the password in the database, Derby creates
a hash from the supplied password and compares it to what's in the database. Obviously, if
the database stores cleartext, the values won't match.

> Using BUILTIN authentication, I can't log in as database creator after storing credentials in the database.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3271
>                 URL: https://issues.apache.org/jira/browse/DERBY-3271
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.3.1.4
>            Reporter: Rick Hillegas
>         Attachments: Derby3271Repro.java
>
>
> Using builtin authentication I am able to create a database and store credentials for 2 users: the original database creator and a second user. After that, I am able to reconnect as the second user but not as the original database creator. My test case follows.
> ------------------------------
> Here is my command for running ij with authentication turned on:
> java \
>   -cp $CLASSPATH \
>   -Dderby.stream.error.logSeverityLevel=0 \
>   \
>   -Dderby.connection.requireAuthentication=true \
>   -Dderby.authentication.provider=BUILTIN \
>   -Dderby.user.builtindba=dummypassword \
>   \
>   org.apache.derby.tools.ij  myscript.sql
> Here is the first run of my script. This creates the database and stores credentials for 2 users, including the connected user:
> ij version 10.4
> ij> --
> -- First try to connect as builtindba.
> --
> connect 'jdbc:derby:derby_builtin;create=true;user=builtindba;password=dummypassword';
> ij> --
> -- If I can't connect as builtindba, try connecting as fred.
> --
> connect 'jdbc:derby:derby_builtin;create=true;user=fred;password=wilma';
> ERROR 08004: Connection authentication failure occurred.  Reason: Invalid authentication..
> ij> --
> -- Store passwords in the database where they will be encrypted.
> --
> call syscs_util.syscs_set_database_property( 'derby.user.builtindba', 'dummypassword' );
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_set_database_property( 'derby.user.fred', 'wilma' );
> 0 rows inserted/updated/deleted
> ij> values current_user;
> 1
> --------------------------------------------------------------------------------------------------------------------------------
> BUILTINDBA
> 1 row selected
> Here is the second run of my script. This fails to connect as the original user but succeeds as the other user:
> ij version 10.4
> ij> --
> -- First try to connect as builtindba.
> --
> connect 'jdbc:derby:derby_builtin;create=true;user=builtindba;password=dummypassword';
> ERROR 08004: Connection authentication failure occurred.  Reason: Invalid authentication..
> ij> --
> -- If I can't connect as builtindba, try connecting as fred.
> --
> connect 'jdbc:derby:derby_builtin;create=true;user=fred;password=wilma';
> WARNING 01J01: Database 'derby_builtin' not created, connection made to existing database instead.
> ij> --
> -- Store passwords in the database where they will be encrypted.
> --
> call syscs_util.syscs_set_database_property( 'derby.user.builtindba', 'dummypassword' );
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_set_database_property( 'derby.user.fred', 'wilma' );
> 0 rows inserted/updated/deleted
> ij> values current_user;
> 1
> --------------------------------------------------------------------------------------------------------------------------------
> FRED
> 1 row selected

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
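
The mismatch described in the comment above, replayed against the two ij runs from the report, as an added Python model that is not code from Derby or from the original message. The class, the function names, the lookup order and the "sha256$" marker are assumptions made for illustration; only the property names and passwords come from the report.

```python
import hashlib
import hmac

HASH_TAG = "sha256$"  # constructed marker for hashed values, not Derby's stored format


def hash_password(password):
    return HASH_TAG + hashlib.sha256(password.encode("utf-8")).hexdigest()


def same(a, b):
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class ModelStore:
    """Simplified model of a credential store with the described defect."""

    def __init__(self, system_props, hash_bug=True):
        self.system_props = dict(system_props)  # stands in for -Dderby.user.* settings
        self.db_props = {}                      # stands in for database properties
        self.hash_bug = hash_bug

    def set_database_property(self, key, value):
        # Modeled defect: a key that is also defined at system level skips hashing.
        if self.hash_bug and key in self.system_props:
            self.db_props[key] = value
        else:
            self.db_props[key] = hash_password(value)

    def authenticate(self, user, password):
        key = "derby.user." + user
        if key in self.db_props:
            # The stored value is assumed to be a hash, so the supplied password is hashed.
            return same(hash_password(password), self.db_props[key])
        stored = self.system_props.get(key)
        return stored is not None and same(password, stored)

    def cleartext_credentials(self):
        """Audit check: stored user properties that lack the hash marker."""
        return sorted(k for k, v in self.db_props.items()
                      if k.startswith("derby.user.") and not v.startswith(HASH_TAG))


def replay(hash_bug):
    """Replay both runs; return (first-run logins, second-run logins, audit findings)."""
    store = ModelStore({"derby.user.builtindba": "dummypassword"}, hash_bug)
    first = (store.authenticate("builtindba", "dummypassword"),
             store.authenticate("fred", "wilma"))
    store.set_database_property("derby.user.builtindba", "dummypassword")
    store.set_database_property("derby.user.fred", "wilma")
    second = (store.authenticate("builtindba", "dummypassword"),
              store.authenticate("fred", "wilma"))
    return first, second, store.cleartext_credentials()
```

With hash_bug=True the second run rejects builtindba and accepts fred, matching the transcript, and the audit check reports derby.user.builtindba as stored without a hash.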

