db-derby-dev mailing list archives

From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3532) Invalid & possibly skipped authentication handling when shutting down the network server.
Date Fri, 07 Aug 2009 13:04:14 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12740538#action_12740538 ]

Kathey Marsden commented on DERBY-3532:
---------------------------------------

Dag said:
> it is in some connection modes possible to shut down the engine underneath the network server, in other modes it is not possible?

Yes, currently from the client you can shut down the engine remotely with ClientDataSource but not with ClientDriver/DriverManager. The two should be the same. The question is whether to disable this capability for ClientDataSource or enable it for ClientDriver. Disabling functionality of course has the risk of regressing someone that is using it.

If running in the same JVM you can also shut down the engine with EmbeddedDriver or EmbeddedDataSource. I think for these two we just should document that it is ill-advised. I don't think we can prevent it.


> Invalid & possibly skipped authentication handling when shutting down the network server.
> ------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3532
>                 URL: https://issues.apache.org/jira/browse/DERBY-3532
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions: 10.4.1.3, 10.5.1.1
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>         Attachments: DERBY-3532.diff, ReproDerby3532.java, ReproDerby3532.java
>
>
> In NetworkServerControlImpl.checkShutdownPrivileges() the code fetches the internal authentication service to perform user authentication.
> However if no such authentication service is found (null is returned) then authentication is bypassed, this has the potential of being a security hole.
> The discussion in DERBY-2109 indicated that even with authentication NONE, there is still an internal authentication service, thus null is not a valid return when getting the internal authentication service. A secure fail safe system would be to not bypass authentication if null is returned.
> I tried removing the check for null in the method and that led to NullPointerExceptions. This means that something wrong is going on and very possibly no authentication checks are actually being made when shutting down the network server.
> The null return might be due to checking the authentication after Derby has been shut down.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
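
The fail-open pattern described in the quoted issue text, next to a fail-closed variant, as an added example that is not part of the original message and is not Derby's code. `AuthService`, `mayShutdownFailOpen` and `mayShutdownFailClosed` are hypothetical names, and the credentials are constructed sample values.

```java
// Added illustration; none of these types or methods are Derby classes.
public class ShutdownAuthCheck {

    /** Hypothetical stand-in for an internal authentication service. */
    interface AuthService {
        boolean authenticate(String user, String password);
    }

    /** Fail-open: a missing (null) service skips the check entirely. */
    static boolean mayShutdownFailOpen(AuthService svc, String user, String password) {
        if (svc == null) {
            return true; // authentication silently bypassed
        }
        return svc.authenticate(user, password);
    }

    /** Fail-closed: a missing service is an error and the request is refused. */
    static boolean mayShutdownFailClosed(AuthService svc, String user, String password) {
        if (svc == null) {
            throw new IllegalStateException(
                "authentication service unavailable; refusing shutdown request");
        }
        return svc.authenticate(user, password);
    }

    public static void main(String[] args) {
        // Constructed sample credentials for the demonstration.
        AuthService present = (u, p) -> "admin".equals(u) && "s3cret".equals(p);
        // One possibility the issue raises: the lookup runs after the engine is gone.
        AuthService missing = null;

        System.out.println("service present, wrong password, fail-open:   "
            + mayShutdownFailOpen(present, "someuser", "wrong"));   // false
        System.out.println("service missing, wrong password, fail-open:   "
            + mayShutdownFailOpen(missing, "someuser", "wrong"));   // true
        System.out.println("service present, wrong password, fail-closed: "
            + mayShutdownFailClosed(present, "someuser", "wrong")); // false
        try {
            mayShutdownFailClosed(missing, "someuser", "wrong");
        } catch (IllegalStateException e) {
            System.out.println("service missing, fail-closed: refused ("
                + e.getMessage() + ")");
        }
    }
}
```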

