db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3014) Make SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.user.<username>') return NULL instead of the hash value of the password
Date Thu, 14 Feb 2008 15:45:08 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12568971#action_12568971 ]

Daniel John Debrunner commented on DERBY-3014:
----------------------------------------------

I'm not sure that returning a value for a defined user is a good idea. This means the method
now indicates if a user name is valid or not which is more information for an attacker. Now
this function is under the control of the database owner so maybe it's ok, but it's a very
generic function, so at least the documentation for it should indicate that allowing others
to run this exposes sensitive security information.

If it returned NULL then an additional function to determine if a user is valid in the BUILTIN
scheme could be added. With that it would be more obvious to the database owner the danger
of granting execute permission to others.

There may also be other ways to determine valid users, but those might get closed in future
releases, so with this change it's a good chance to get it right now.

> Make SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.user.<username>') return NULL instead of the hash value of the password
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3014
>                 URL: https://issues.apache.org/jira/browse/DERBY-3014
>             Project: Derby
>          Issue Type: Improvement
>          Components: Security
>            Reporter: Daniel John Debrunner
>            Assignee: R VIDYA LAKSHMI
>         Attachments: DERBY-3014.diff
>
>
> Increases security by providing less information to any attacker. The current returned hash value could be used in an off-line dictionary based attack to find a valid password.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

