Date: Fri, 23 May 2008 07:07:55 -0700 (PDT)
From: "Dag H. Wanvik (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Resolved: (DERBY-3681) When authenticating a user at connect time, verify that the user provided is not also a defined role name.

     [ https://issues.apache.org/jira/browse/DERBY-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik resolved DERBY-3681.
----------------------------------

    Resolution: Fixed
    Derby Info:   (was: [Patch Available])

Thanks, Knut. Committed patch derby-3681-2 as svn 659543, resolving.

> When authenticating a user at connect time, verify that the user provided is not also a defined role name.
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3681
>                 URL: https://issues.apache.org/jira/browse/DERBY-3681
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: derby-3681-1.diff, derby-3681-1.stat, derby-3681-2.diff, derby-3681-2.stat
>
>
> Although we try to avoid creating roles that are not also valid Derby users (see DERBY-3673), we cannot
> in general know for sure that no such user exists; it could be added to derby.properties after
> the role has been created, authentication could be LDAP or user-defined, in which cases
> the check at role creation time will not work. So, in order to avoid collisions between user identifiers and role identifiers, we should check at connect time that there is no role by the same name as the supplied user name.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
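
The gap described in the issue, modelled as an added example that is not Derby's code and not taken from the committed patch: a role-creation check only sees users the engine can enumerate at that moment, while a connect-time check also covers users defined in an external store. The class, its methods, the upper-casing of identifiers and the sample authenticator are all assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.function.BiPredicate;

// Hypothetical model, not Derby code: all names here are illustrative.
public class ConnectTimeRoleCheck {
    private final Set<String> roles = new HashSet<>();
    private final Set<String> knownUsers = new HashSet<>();   // users visible at role-creation time
    private final BiPredicate<String, String> authenticator;  // stands in for LDAP / user-defined auth

    ConnectTimeRoleCheck(BiPredicate<String, String> authenticator) {
        this.authenticator = authenticator;
    }

    // Assumption: identifiers are compared after trimming and simple upper-casing.
    static String norm(String id) { return id.trim().toUpperCase(Locale.ROOT); }

    void addKnownUser(String user) { knownUsers.add(norm(user)); }

    // Creation-time check: can only compare against users known right now.
    void createRole(String role) {
        if (knownUsers.contains(norm(role)))
            throw new IllegalStateException("role name collides with user: " + role);
        roles.add(norm(role));
    }

    // Connect-time check: runs for every authenticated user, wherever the user is defined.
    boolean connect(String user, String password) {
        if (!authenticator.test(user, password)) return false;
        if (roles.contains(norm(user)))
            throw new SecurityException("user name is also a defined role: " + user);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: an external authenticator that accepts any user with password "pw".
        ConnectTimeRoleCheck db = new ConnectTimeRoleCheck((u, p) -> "pw".equals(p));
        db.addKnownUser("alice");
        db.createRole("auditor");        // passes: no known user is named AUDITOR at this point
        System.out.println("alice connects: " + db.connect("alice", "pw"));
        try {
            db.connect("auditor", "pw"); // this user exists only in the external store
        } catch (SecurityException e) {
            System.out.println("rejected at connect: " + e.getMessage());
        }
    }
}
```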