Message-ID: <47A8CEDA.90400@apache.org>
Date: Tue, 05 Feb 2008 13:02:18 -0800
From: Daniel John Debrunner
To: derby-dev@db.apache.org
Subject: Re: [jira] Commented: (DERBY-1387) Add JMX extensions to Derby
In-Reply-To: <47A8CC7F.7080504@sun.com>

Rick Hillegas wrote:
> Daniel John Debrunner wrote:
>> Rick Hillegas (JIRA) wrote:
>>> [
>>> https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565836#action_12565836
>>> ]
>>> Rick Hillegas commented on DERBY-1387:
>>> --------------------------------------
>>>
>>> I believe the reason that I was not able to connect at the end of my
>>> experiment was this: the server was actually brought down. Again,
>>> without presenting credentials, this seems like the wrong behavior to
>>> me.
>>
>> Isn't that Derby's behaviour at the moment, shutting the network
>> server down does not enforce authentication? Security enforcement
>> should not be the role of the JMX mbeans.
>>
>> Dan.
> Right. I think there are at least two authentication issues here. One is
> the current behavior of the network server (the bug which will be
> addressed by Martin's work on DERBY-2109). The other issue is the fact
> that the current DERBY-1387 patch lets you get your hands on the server
> and system MBeans without presenting credentials. It's that latter issue
> which I'm talking about here.

What would be the issue with getting access to those mbeans without
authentication? Just trying to understand the concern.

Dan.