db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6234) Remove references to BUILTIN authentication from the user guides
Date Mon, 17 Feb 2014 21:05:19 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13903504#comment-13903504 ]

Rick Hillegas commented on DERBY-6234:
--------------------------------------

Hi Kim. Here are some responses:

> "Shutting down Derby or an individual database" (tdevdvlp40464.dita): remove note. Does
> the preceding paragraph need changes?

That paragraph looks ok to me. The credentials can be defined at the system level regardless
of the authentication scheme you use.

> Are the topics "SYSCS_UTIL.SYSCS_SET_USER_ACCESS system procedure" (rrefsetuseraccess.dita),
> "derby.database.fullAccessUsers" (rrefproper25025.dita), and "derby.database.readOnlyAccessUsers"
> (rrefproper39325.dita) relevant to non-BUILTIN authentication? The Developer's Guide says
> they are not relevant "if you use SQL authorization (the default with NATIVE authentication)".
> Are they relevant to LDAP or class-based authentication? (There are some Dev Guide topics
> that mention these properties also.)

Hm. Where does the Developer's Guide say that coarse-grained authorization is not relevant
if you use fine-grained authorization? I don't think that is true. I think that the two authorization
schemes are independent of one another. Of course, they both require you to have some notion
of who the user is, so they both depend on your having enabled SQL authentication.

Hope this helps,
-Rick

> Remove references to BUILTIN authentication from the user guides
> ----------------------------------------------------------------
>
>                 Key: DERBY-6234
>                 URL: https://issues.apache.org/jira/browse/DERBY-6234
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>
> BUILTIN authentication is a scheme suitable only for regression tests. Many security
> problems make it inappropriate for production use. To avoid confusion and prevent users from
> selecting this insecure authentication scheme, we should remove references to it from our
> user documentation.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
