db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3532) Invalid & possibly skipped authentication handling when shutting down the network server.
Date Tue, 11 Aug 2009 17:38:14 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12741983#action_12741983

Dag H. Wanvik commented on DERBY-3532:

I think we have now established that one can shut down the engine from the client using both
ClientDataSource and the DeriverManager (see DERBY-4345). The server detects this. The question
is what should we do, if anything, about the fact that using the embedded driver (EmbeddedDataSource
or driver manager), we can shut down the engine underneath the server.

Kathey> I wonder instead if it would work and be worth it to put a
Kathey> lightweight check in network server for each client request to
Kathey> see if the embedded engine is running and if it is not, do the
Kathey> cleanup and start the embedded engine. Then we would always
Kathey> find the authentication service on shutdown and would be able
Kathey> to handle any other cleanup issues as well.

I think it would be good if the network server were able to detect the shutdown and cleanup/reboot
the engine, so we get the same behavior using embedded and client shutdown. Would it be costly
to have such a check?

> Invalid & possibly skipped  authentication handling when shutting down the network
> ------------------------------------------------------------------------------------------
>                 Key: DERBY-3532
>                 URL: https://issues.apache.org/jira/browse/DERBY-3532
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions:,
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>         Attachments: DERBY-3532.diff, ReproDerby3532.java, ReproDerby3532.java
> In NetworkServerControlImpl.checkShutdownPrivileges() code fetches the internal authentication
service to perform user authentication.
> However if no such authentication service is found (null is returned) then authentication
is bypassed, this has the potential of being a security hole.
> The discussion in DERBY-2109 indicated that even with authentication NONE, there is still
an internal authentication service, thus null is not a valid return when getting the internal
authentication service. A secure fail safe system would be to not bypass authentication if
null is returned.
> I tried removing the check for null in the method and that lead to NullPointerExceptions.
This means that something wrong is going on and very possibly no authentication checks are
actually being made when shutting down the network server.
> The null return might be due to checking the authentication after Derby has been shutdown.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message