db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6234) Remove references to BUILTIN authentication from the user guides
Date Mon, 17 Feb 2014 21:21:19 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13903510#comment-13903510
] 

Kim Haase commented on DERBY-6234:
----------------------------------

Thanks, Rick!

The topic "Setting the default connection access mode" says of the derby.database.defaultConnectionMode
property that "If you use SQL authorization (the default with NATIVE authentication), you
typically do not use this property."

The topic "Setting access for individual users" says of the derby.database.fullAccessUsers
and derby.database.readOnlyAccessUsers properties that "If you use SQL authorization (the
default with NATIVE authentication), you typically do not use these properties." 

Maybe I should remove those sentences? I'm not sure how they got in there. They do pretty
much contradict what the "User authorizations" topic says.

> Remove references to BUILTIN authentication from the user guides
> ----------------------------------------------------------------
>
>                 Key: DERBY-6234
>                 URL: https://issues.apache.org/jira/browse/DERBY-6234
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>
> BUILTIN authentication is a scheme suitable only for regression tests. Many security
problems make it inappropriate for production use. To avoid confusion and prevent users from
selecting this insecure authentication scheme, we should remove references to it from our
user documentation.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message