db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <rick.hille...@oracle.com>
Subject Re: What is wrong with the BUILTIN authentication mechanism?
Date Mon, 17 Oct 2011 14:24:47 GMT
On 10/17/11 5:56 AM, Paul Nichols wrote:
> The documentation is still (in 10.8) glossed with warnings against
> production use of the BUILTIN authentication mechanism, can anyone tell me
> what is wrong with it? The only reference to any problems I can find is
> CVE-2009-4269 (DERBY-4483) which was fixed in 10.6.1.0 so is there any
> reason to not use it now?
>
> Thanks,
>
> Paul.
>
>
Hi Paul,

Over time this mechanism is becoming more secure. The mechanism has some 
usability problems:

1) It is hard to figure out all the knobs you have to turn to make this 
feature as secure as possible. At a minimum, the dbo must do the 
following and then store all of the credentials in the database:

call syscs_util.syscs_set_database_property( 
'derby.database.propertiesOnly','true' );
call syscs_util.syscs_set_database_property( 
'derby.connection.requireAuthentication', 'true' );
call syscs_util.syscs_set_database_property( 
'derby.authentication.provider', 'BUILTIN' );
call syscs_util.syscs_set_database_property( 
'derby.database.sqlAuthorization', 'true' );

2) Derby does not supply an api by which users can administer their own 
passwords. You can get around this by writing your own public procedures 
which are owned by the dbo and declared with definer's rights.

Thanks,
-Rick


Mime
View raw message