db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Matrigali <mikem_...@sbcglobal.net>
Subject Re: Derby secure by default
Date Mon, 19 Sep 2011 21:54:51 GMT
Rick Hillegas wrote:
> Hi Mike,
> Some comments inline...
> On 9/19/11 10:38 AM, Mike Matrigali wrote:
>> I am not sure how it applies to all of these points, but I am 
>> wondering if secure by default should be implemented on a per database 
>> basis rather than a system level basis?  It seems wierd that security 
>> could
>> change based on how the next embedded startup set a flag.
> I think that it should behave like derby.database.sqlAuthorization: once 
> it's been turned on it is stored in the database and you can't turn it 
> off at the system level. I agree that it would be weird to let the next 
> user subvert the security of your database by flipping a command line 
> switch.
I am trying to understand what happens when we change the default and a 
user upgrades to 11 and starts up on there existing database that has no
authentication or authorization enabled.  What is the proposed soft 
upgrade behavior?  What is the proposed hard upgrade behavior?

This is a development detail but what is proposed for the existing derby
set of tests, which I have to assume are about 99% not authenticated or
authorized?  Would we implement a way to run them both ways?  Convert 
them all or most to run under new default?

View raw message