db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (DERBY-3681) When authenticating a user at connect time, verify that the user provided is not also a defined role name.
Date Fri, 23 May 2008 14:07:55 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik resolved DERBY-3681.
----------------------------------

    Resolution: Fixed
    Derby Info:   (was: [Patch Available])

Thanks, Knut. Committed patch derby-3681-2 as svn 659543, resolving.

> When authenticating a user at connect time, verify that the user provided is not also
a defined role name.
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3681
>                 URL: https://issues.apache.org/jira/browse/DERBY-3681
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: derby-3681-1.diff, derby-3681-1.stat, derby-3681-2.diff, derby-3681-2.stat
>
>
> Although we try to avoid creating role that are not also valid Derby users (see DERBY-3673),
we cannot
> in general know for sure that no such user exists; it could be added to derby.properties
after
> the role has been created, authentication could be LDAP or user-defined, in which cases
> the check at role creation time will not work. So, in order to avoid collisions between
user identifiers and role identifiers, we shoudl check at connect time that there is no role
by same name as the supplied user name.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message