db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John H. Embretsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3585) Document user authentication support for network server shutdown
Date Wed, 02 Apr 2008 06:50:24 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12584438#action_12584438

John H. Embretsen commented on DERBY-3585:

I'm wondering if the release note's description of the previous state may lead to impressions
that the security issue was more severe than it actually was. Specifically, the release note

"Any user could shut down the server..."


"The previous behavior represented a security issue, because any client, without providing
user credentials, could shut down a network server running with user authentication."

Should we mention the fact that only local users/clients (users/clients on the same host as
the host running the server) could shut down the server? (Which as far as I know is still

> Document user authentication support for network server shutdown
> ----------------------------------------------------------------
>                 Key: DERBY-3585
>                 URL: https://issues.apache.org/jira/browse/DERBY-3585
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Documentation
>            Reporter: Martin Zaun
>            Assignee: Martin Zaun
>             Fix For:
>         Attachments: releaseNote.html, releaseNote.html
> As part of the System Privileges work in DERBY-2109, the support of user authentication
for network server shutdown was discussed, implemented, and committed (revision 632502).
> In order to address a security issue (missing user authentication for shutdown), this
feature introduces a few incompatibilities with the usage of NetworkServerControl, which need
to be documented.
> This JIRA is to provide for the user documentation and the release notes describing the
usage changes and incompatibilities.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message