From: "Lily Wei (JIRA)"
To: derby-dev@db.apache.org
Date: Thu, 6 Aug 2009 19:57:14 -0700 (PDT)
Subject: [jira] Updated: (DERBY-3532) Invalid & possibly skipped authentication handling when shutting down the network server.

[ https://issues.apache.org/jira/browse/DERBY-3532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lily Wei updated DERBY-3532:
----------------------------

    Attachment: DERBY-3532.diff

Thank you, Kathey. I made the change with your suggestion. It is worth noting that Network Server will automatically restart Derby embedded if it detects in test environment. And, this is why management.InactiveManagementMBeanTest failed with the change.

As Kathey pointed out, users can shut down the embedded engine from client with ClientDataSource but not with DriverManager.getConnection(url) (please see DerbyRepro3532.java).

If we allow ClientDataSource to shut down embedded engine, authentication service could be null. If DriverManager.getConnection(url) cannot shut down the engine, some tests will fail, i.e. management.InactiveManagementMBeanTest will still have embedded engine running since network server restarts it.

Maybe we should not allow ClientDataSource to shut down embedded engine and make it too heavy of check that can impact performance. Any suggestion is welcome.

> Invalid & possibly skipped authentication handling when shutting down the network server.
> ------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3532
>                 URL: https://issues.apache.org/jira/browse/DERBY-3532
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions: 10.4.1.3, 10.5.1.1
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>         Attachments: DERBY-3532.diff, ReproDerby3532.java, ReproDerby3532.java
>
>
> In NetworkServerControlImpl.checkShutdownPrivileges() code fetches the internal authentication service to perform user authentication.
> However if no such authentication service is found (null is returned) then authentication is bypassed, this has the potential of being a security hole.
> The discussion in DERBY-2109 indicated that even with authentication NONE, there is still an internal authentication service, thus null is not a valid return when getting the internal authentication service. A secure fail safe system would be to not bypass authentication if null is returned.
> I tried removing the check for null in the method and that led to NullPointerExceptions. This means that something wrong is going on and very possibly no authentication checks are actually being made when shutting down the network server.
> The null return might be due to checking the authentication after Derby has been shut down.
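
The fail-open versus fail-safe handling described in the issue, as an added Java example that is not Derby's code and not part of the original message. `Engine`, `AuthService` and both `mayShutdown...` methods are hypothetical stand-ins, and the account is constructed.

```java
// Added illustration: every name here is hypothetical, none is a Derby class.
public class ShutdownAuthDemo {

    /** Stand-in for an internal authentication service. */
    interface AuthService {
        boolean authenticate(String user, String password);
    }

    /** Stand-in engine: the service can only be found while the engine is up. */
    static final class Engine {
        // Constructed sample account.
        private AuthService service = (u, p) -> "admin".equals(u) && "s3cret".equals(p);
        AuthService findAuthService() { return service; }
        void shutdown() { service = null; }
    }

    /** Fail-open: a null lookup result silently skips the credential check. */
    static boolean mayShutdownFailOpen(Engine e, String user, String pw) {
        AuthService svc = e.findAuthService();
        if (svc == null) {
            return true; // authentication bypassed
        }
        return svc.authenticate(user, pw);
    }

    /** Fail-safe: a null lookup result is treated as a denial. */
    static boolean mayShutdownFailSafe(Engine e, String user, String pw) {
        AuthService svc = e.findAuthService();
        return svc != null && svc.authenticate(user, pw);
    }

    public static void main(String[] args) {
        Engine engine = new Engine();
        // Engine up: both variants consult the service for the same wrong credentials.
        System.out.println("up,   fail-open: " + mayShutdownFailOpen(engine, "guest", "wrong"));
        System.out.println("up,   fail-safe: " + mayShutdownFailSafe(engine, "guest", "wrong"));

        // Engine down: the lookup returns null and the two variants diverge.
        engine.shutdown();
        System.out.println("down, fail-open: " + mayShutdownFailOpen(engine, "guest", "wrong"));
        System.out.println("down, fail-safe: " + mayShutdownFailSafe(engine, "guest", "wrong"));
    }
}
```

The fail-safe variant also refuses a valid administrator while the service is missing, so the reason the lookup returns null still has to be found and fixed.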