db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5647) NATIVE warns about password expiry for DBO
Date Mon, 12 Mar 2012 19:28:37 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227804#comment-13227804
] 

Kristian Waagan commented on DERBY-5647:
----------------------------------------

Hi Rick,

I find option (3) unacceptable - I'd be very unhappy if I found myself, as the DBO, to be
locked out from the database without any way to reset/re-enable my account. A reset mechanism
is propably riddled with security issues itself and not suitable in this context.

Option (1) seems a little awkward for the non-DBO users, since much of the information in
the message is irrelevant for them.

I agree with Knut Anders, and find option (2) the most attractive.
Have you considered writing a message to derby.log in addition to the SQL warning? This could
increase the level of encouragment for changing the password, but we obviously don't want
to "spam" the log either.
                
> NATIVE warns about password expiry for DBO
> ------------------------------------------
>
>                 Key: DERBY-5647
>                 URL: https://issues.apache.org/jira/browse/DERBY-5647
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>            Priority: Minor
>
> The DBO's password cannot expire. Still, NATIVE warns that the password is about to expire.
> ij> connect 'jdbc:derby:authdb;create=true;user=admin';
> ij> call syscs_util.syscs_set_database_property('derby.authentication.native.passwordLifetimeMillis',
'100');
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_create_user('ADMIN', '%*$');
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_set_database_property('derby.authentication.provider', 'NATIVE::LOCAL');
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:authdb;shutdown=true';
> ERROR 08006: Database 'authdb' shutdown.
> ij> connect 'jdbc:derby:authdb;user=admin;password=%*$';
> WARNING 01J15: Your password will expire in 0 day(s). Please use the SYSCS_UTIL.SYSCS_MODIFY_PASSWORD
 procedure to change your password.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message