db-derby-dev mailing list archives

From "Rick Hillegas (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5647) NATIVE warns about password expiry for DBO
Date Mon, 12 Mar 2012 15:08:46 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227589#comment-13227589 ]

Rick Hillegas commented on DERBY-5647:
--------------------------------------

Thanks for buddy-testing NATIVE authentication, Knut.

This behavior is deliberate although I can see that it is confusing. We want to encourage
the DBO to change her password regularly--probably her password is the most important one
in the database. However, we don't want to actually lock out the DBO if she goes on vacation
and her password expires while she's on the beach. That would orphan the application. I can
think of several approaches to this issue:

1) Change the error message so that it indicates that the DBO's password won't actually expire.
Something like:

Your password will expire in 0 day(s). Please use the SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure
to change your password. Note that if you are the database owner, your password will still
be valid after the expiration date, but you are urged to update your password. 

2) Produce a different error message if the user is the DBO:

Your password will become stale in 0 day(s). You should update your password soon in order
to protect the database. Please use the SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change
your password.

3) Abandon the goal of preventing the DBO from locking herself out. Let the DBO's password
truly expire and therefore let the database become truly unusable.

What are your thoughts?

Thanks,
-Rick


                
> NATIVE warns about password expiry for DBO
> ------------------------------------------
>
>                 Key: DERBY-5647
>                 URL: https://issues.apache.org/jira/browse/DERBY-5647
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>            Priority: Minor
>
> The DBO's password cannot expire. Still, NATIVE warns that the password is about to expire.
> ij> connect 'jdbc:derby:authdb;create=true;user=admin';
> ij> call syscs_util.syscs_set_database_property('derby.authentication.native.passwordLifetimeMillis', '100');
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_create_user('ADMIN', '%*$');
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_set_database_property('derby.authentication.provider', 'NATIVE::LOCAL');
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:authdb;shutdown=true';
> ERROR 08006: Database 'authdb' shutdown.
> ij> connect 'jdbc:derby:authdb;user=admin;password=%*$';
> WARNING 01J15: Your password will expire in 0 day(s). Please use the SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password.

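Added example, not part of the original message or of Derby's own code: the connection in the quoted ij session succeeds and only a warning with SQLState 01J15 is printed, so an application that never inspects connection warnings will not see the expiry notice. The sketch below walks a JDBC warning chain for that SQLState. It assumes the warning is exposed through the standard `Connection.getWarnings()` chain; the class and method names are hypothetical, and the warning chain in `main` is constructed so the code runs without a database.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.SQLWarning;

public class PasswordExpiryWarningCheck {
    // SQLState of the warning shown in the ij session quoted in the issue.
    static final String PASSWORD_EXPIRING = "01J15";

    /** Returns the first warning in the chain with SQLState 01J15, or null if none. */
    static SQLWarning findExpiryWarning(SQLWarning head) {
        for (SQLWarning w = head; w != null; w = w.getNextWarning()) {
            if (PASSWORD_EXPIRING.equals(w.getSQLState())) {
                return w;
            }
        }
        return null;
    }

    /**
     * Call right after DriverManager.getConnection(...) returns.
     * Assumption: the driver attaches the expiry notice to the connection's warning chain.
     */
    static SQLWarning checkConnection(Connection conn) throws SQLException {
        return findExpiryWarning(conn.getWarnings());
    }

    public static void main(String[] args) {
        // Constructed warning chain: one unrelated warning followed by the
        // 01J15 text copied from the quoted ij output.
        SQLWarning chain = new SQLWarning("constructed unrelated warning", "01000");
        chain.setNextWarning(new SQLWarning(
            "Your password will expire in 0 day(s). Please use the "
            + "SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password.",
            PASSWORD_EXPIRING));

        SQLWarning hit = findExpiryWarning(chain);
        if (hit != null) {
            // In a real application, route this to the operator or audit log
            // instead of standard output.
            System.out.println("Password expiry warning " + hit.getSQLState()
                + ": " + hit.getMessage());
        } else {
            System.out.println("No password expiry warning on this connection.");
        }
    }
}
```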