db-derby-dev mailing list archives

From "Rick Hillegas (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5636) Improve the overview of Derby's security mechanisms
Date Mon, 26 Mar 2012 13:44:28 GMT

[ https://issues.apache.org/jira/browse/DERBY-5636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13238386#comment-13238386 ]

Rick Hillegas commented on DERBY-5636:
--------------------------------------

Hi Kim,

The changes so far look good. +1 to commit them.

I'm not sure about why we have the section titled "Notes on the Derby security features".
Its purpose might be to alert users to vulnerabilities which Derby does not address and which
the application is responsible for addressing. I don't know what "trolling for objects" means.
The vulnerabilities I understand seem to boil down to these problems:

1) If someone gets physical access to your database (e.g., they are able to copy it onto their
own disk), then they can subvert all other security mechanisms given enough time. Your best
Derby defense against this exploit is to encrypt the data. However, if the encryption can
be broken, then the data is vulnerable. I don't know what the application can do about this
problem other than "try not to let this happen."

2) There are no authorization checks for system-wide operations. Anyone who can authenticate
at the system level enjoys god-like powers to shut down the engine and restore databases. Your
best Derby defense here is to limit the number of users who can authenticate at the system
level. This is easy to do with NATIVE authentication: just put 1 superuser in the system-wide
credentials db and store the database-specific users in their respective databases. You can
do this with LDAP by using different LDAP servers for system-wide and database-specific authentication.

Thanks,
-Rick
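An added illustration of the NATIVE layout described in point 2 above (one superuser in the system-wide credentials database, application users stored in their own database). This is an example ij script written for this page, not code from the issue or from the Derby documentation; the database names, user names and passwords are assumed placeholders.

```sql
-- Assumed derby.properties (system-wide, read when the engine boots):
--   derby.authentication.provider=NATIVE:sysCredentials:LOCAL
--   derby.database.sqlAuthorization=true
-- NATIVE:<db>:LOCAL means system-level logins (engine shutdown, restore)
-- are checked against the sysCredentials database, while every other
-- database authenticates its own users from its own SYSUSERS table.

-- 1. Create the credentials database. The first user created in it is its
--    owner and the only account that exists at the system level.
CONNECT 'jdbc:derby:sysCredentials;create=true;user=sysadmin;password=CHANGE_ME_1';
CALL SYSCS_UTIL.SYSCS_CREATE_USER('sysadmin', 'CHANGE_ME_1');
DISCONNECT;

-- 2. Create the application database as its own owner. Because LOCAL is in
--    effect, appdb authenticates its own users, so application accounts
--    never have to be added to sysCredentials.
CONNECT 'jdbc:derby:appdb;create=true;user=appdbo;password=CHANGE_ME_2';
CALL SYSCS_UTIL.SYSCS_CREATE_USER('appdbo', 'CHANGE_ME_2');
CALL SYSCS_UTIL.SYSCS_CREATE_USER('appuser', 'CHANGE_ME_3');
-- Least privilege inside the database: grant only what the application needs.
CREATE TABLE orders (id INT PRIMARY KEY, total DECIMAL(10,2));
GRANT SELECT, INSERT ON orders TO appuser;
DISCONNECT;

-- 3. Check the separation: appuser can use appdb ...
CONNECT 'jdbc:derby:appdb;user=appuser;password=CHANGE_ME_3';
SELECT COUNT(*) FROM appdbo.orders;
DISCONNECT;
-- ... but is unknown to the system-wide credentials database, so a
-- system-level operation under that account is rejected at authentication.
CONNECT 'jdbc:derby:;shutdown=true;user=appuser;password=CHANGE_ME_3';
```

The last CONNECT is expected to fail with an authentication error; only sysadmin, the single user stored in sysCredentials, can shut the engine down.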
                
> Improve the overview of Derby's security mechanisms
> ---------------------------------------------------
>
>                 Key: DERBY-5636
>                 URL: https://issues.apache.org/jira/browse/DERBY-5636
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>         Attachments: DERBY-5636.diff, DERBY-5636.stat, DERBY-5636.zip
>
>
> The documentation on Derby's security mechanisms is scattered across several manuals.
> This makes it hard for developers to figure out which security mechanisms are relevant for
> a given application. Here are 3 places where security documentation appears:
> 1) In the Developer's Guide section titled "Derby and security"
> 2) In the Admin Guide section titled "Derby Network Server advanced topics"
> 3) In the Reference Manual section titled "Derby properties" as well as the syntax sections
> on GRANT, REVOKE, CREATE/DROP ROLE, and CREATE FUNCTION/PROCEDURE.
> It would be good to add a section which points the developer at all of this material.
> It might be sufficient to rewrite the top level "Derby and security" page of the Developer's
> Guide. The following white paper may help organize our thoughts about this: http://www.oracle.com/technetwork/java/javadb/securitywhitepaper10-159253.pdf
