db-derby-dev mailing list archives

From "John H. Embretsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3585) Document user authentication support for network server shutdown
Date Wed, 02 Apr 2008 06:50:24 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12584438#action_12584438 ]

John H. Embretsen commented on DERBY-3585:
------------------------------------------

I'm wondering if the release note's description of the previous state may lead to impressions
that the security issue was more severe than it actually was. Specifically, the release note
says:

"Any user could shut down the server..."

and

"The previous behavior represented a security issue, because any client, without providing
user credentials, could shut down a network server running with user authentication."

Should we mention the fact that only local users/clients (users/clients on the same host as
the host running the server) could shut down the server? (Which as far as I know is still
true).

> Document user authentication support for network server shutdown
> ----------------------------------------------------------------
>
>                 Key: DERBY-3585
>                 URL: https://issues.apache.org/jira/browse/DERBY-3585
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Documentation
>            Reporter: Martin Zaun
>            Assignee: Martin Zaun
>             Fix For: 10.4.0.0
>
>         Attachments: releaseNote.html, releaseNote.html
>
>
> As part of the System Privileges work in DERBY-2109, the support of user authentication for network server shutdown was discussed, implemented, and committed (revision 632502).
> In order to address a security issue (missing user authentication for shutdown), this feature introduces a few incompatibilities with the usage of NetworkServerControl, which need to be documented.
> This JIRA is to provide for the user documentation and the release notes describing the usage changes and incompatibilities.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

