db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dag.wan...@oracle.com (Dag H. Wanvik)
Subject Re: Invalid authentication exception on enabling requireAuthentication=true
Date Mon, 08 Nov 2010 17:16:39 GMT
Ashish Jain <ashjain2@gmail.com> writes:

> derby.connection.requireAuthentication=true.

Setting this property in derby.properties makes it a system-wide
property, cf. your issue with shutting down the server. You could also
make it a database level property (it would then only protect access for
that one database, but not server shutdown, I think). If you really want
a system level property for derby.connection.requireAuthentication=true,
you need to either use derby.properties or set a system wide property as
long as you stick with Derby's built-in users.

Note that Derby's built-in users system isn't recommended for
production, cf. the caveat in:

http://db.apache.org/derby/docs/10.6/devguide/cdevcsecure21547.html

Hope this helps,
Dag

>
> Following this I had used system call's something as follows:
> "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.user.test','test123');"
> to provide secure access to database.
>
> Till this everything works fine.
>
> Next I utilize the NetworkServerControl api to start and stop a Network
> Server.  A Network Server
> is created as follows--> NetworkServerControl(address, port). Start is fine.
> However during network.shutdown()
> I see the following exception:
>
> java.sql.SQLException: Connection authentication failure occurred.
> Reason: Invalid authentication..
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> throwSQLException(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> consolePropertyMessageWork(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> consolePropertyMessage(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> wrapSQLError(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.
> readResult(Unknown Source)
>         at org.apache.derby.impl.drda.NetworkServerControlImpl.shutdown
> (Unknown Source)
>         at org.apache.derby.drda.NetworkServerControl.shutdown(Unknown
>
> This exception is legitimate since I do not provide any credentials to
> create a Network Server and this also
> helps to prevent server shutdown from any unauthorised personnel. I am able
> to avoid this using the following
> 2 steps:
>
> 1) Add derby.user.test=test123 is derby.properties file.
> 2) create a Network Server Control object using
> NetworkServerControl(address, port,"test","test123");
>
> However I am not happy with this kind of solution  because of the following:
> 1) I had to set a system wide property that is "derby.user.test=test123".
> 2) The password appears in plain text.
> 3) I have to hard code the username/password while creating a
> NetworkServerControl object.
>
> How can I avoid the above situation so that I
> a) do not need to  set password in plain text
> b) do not need to  set system wide properties
> c) No hard coding username/password while creating a network server control
> object.
>
> Kindly help!!
>
> Thanks
> Ashish

-- 

Mime
View raw message