db-derby-user mailing list archives

From Rick Hillegas <rick.hille...@oracle.com>
Subject Re: Derby secure by default
Date Tue, 20 Sep 2011 12:56:25 GMT
On 9/19/11 2:54 PM, Mike Matrigali wrote:
> Rick Hillegas wrote:
>> Hi Mike,
>> Some comments inline...
>> On 9/19/11 10:38 AM, Mike Matrigali wrote:
>>> I am not sure how it applies to all of these points, but I am 
>>> wondering if secure by default should be implemented on a per 
>>> database basis rather than a system level basis?  It seems weird 
>>> that security could
>>> change based on how the next embedded startup set a flag.
>> I think that it should behave like derby.database.sqlAuthorization: 
>> once it's been turned on it is stored in the database and you can't 
>> turn it off at the system level. I agree that it would be weird to 
>> let the next user subvert the security of your database by flipping a 
>> command line switch.
> I am trying to understand what happens when we change the default and 
> a user upgrades to 11 and starts up on their existing database that 
> has no
> authentication or authorization enabled.  What is the proposed soft 
> upgrade behavior?  What is the proposed hard upgrade behavior?
To minimize disruption, I would recommend that the setting of the master 
knob should not be affected by either soft or hard upgrade. If the knob 
was off originally, it stays off after upgrade. And vice versa.
> This is a development detail but what is proposed for the existing derby
> set of tests, which I have to assume are about 99% not authenticated or
> authorized?  Would we implement a way to run them both ways?  Convert 
> them all or most to run under new default?
My preference would be to make as many as possible run both ways.
