db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: [jira] Commented: (DERBY-1387) Add JMX extensions to Derby
Date Tue, 05 Feb 2008 21:02:18 GMT
Rick Hillegas wrote:
> Daniel John Debrunner wrote:
>> Rick Hillegas (JIRA) wrote:
>>>     [ https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565836#action_12565836 ]
>>> Rick Hillegas commented on DERBY-1387:
>>> --------------------------------------
>>> I believe the reason that I was not able to connect at the end of my 
>>> experiment was this: the server was actually brought down. Again, 
>>> without presenting credentials, this seems like the wrong behavior to 
>>> me.
>> Isn't that Derby's behaviour at the moment, shutting the network 
>> server down does not enforce authentication? Security enforcement 
>> should not be the role of the JMX mbeans.
>> Dan.
> Right. I think there are at least two authentication issues here. One is 
> the current behavior of the network server (the bug which will be 
> addressed by Martin's work on DERBY-2109). The other issue is the fact 
> that the current DERBY-1387 patch lets you get your hands on the server 
> and system MBeans without presenting credentials. It's that latter issue 
> which I'm talking about here.

What would be the issue with getting access to those mbeans without 
authentication? Just trying to understand the concern.

