You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/10/25 20:20:50 UTC
[jira] Created: (DERBY-3150) BUILTIN authentication does not treat
user names set in derby.user. as regular SQL identifiers when not quoted.
BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.
---------------------------------------------------------------------------------------------------------------
Key: DERBY-3150
URL: https://issues.apache.org/jira/browse/DERBY-3150
Project: Derby
Issue Type: Bug
Components: JDBC, Security
Affects Versions: 10.3.1.4, 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0, 10.0.2.1, 10.0.2.0, 10.4.0.0
Reporter: Daniel John Debrunner
The documentation for the property derby.user.userName says "User names are SQL92Identifiers and can be delimited." and has examples with delimited identifiers.
For a regular identifier (non-quoted) the user name to password mapping is not normalized so that the user name is upper-case, this causes login failures when a user name is provided that matches the normalized name, but does not match the value in the property name.
derby.user.dan=password
Logging in with user name dan works, but DAN or Dan will not. Note that with any of these user names provided to JDBC, the SQL CURRENT_USER will return DAN.
jdbc:derby:db;user=dan // ok
jdbc:derby:db;user=Dan //not ok
jdbc:derby:db;user=DAN // not ok
Note that if the user name is normalized then the scheme would have to deal with this situation:
derby.user.dan=passwordOne
derby.user.DAN=passwordTwo
These two properties refer to the same user, but two passwords are being defined.
Test case in AuthenticationTest with this bug number.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3150) BUILTIN authentication does not
treat user names set in derby.user. as regular SQL identifiers when not
quoted.
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537698 ]
Daniel John Debrunner commented on DERBY-3150:
----------------------------------------------
Same issue if the connection request is made with the quoted identifier that maps to the upper-case form of the regular identifier, e.g.
jdbc:derby:db;user="DAN" // no ok
> BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.
> ---------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3150
> URL: https://issues.apache.org/jira/browse/DERBY-3150
> Project: Derby
> Issue Type: Bug
> Components: JDBC, Security
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.4.0.0
> Reporter: Daniel John Debrunner
>
> The documentation for the property derby.user.userName says "User names are SQL92Identifiers and can be delimited." and has examples with delimited identifiers.
> For a regular identifier (non-quoted) the user name to password mapping is not normalized so that the user name is upper-case, this causes login failures when a user name is provided that matches the normalized name, but does not match the value in the property name.
> derby.user.dan=password
> Logging in with user name dan works, but DAN or Dan will not. Note that with any of these user names provided to JDBC, the SQL CURRENT_USER will return DAN.
> jdbc:derby:db;user=dan // ok
> jdbc:derby:db;user=Dan //not ok
> jdbc:derby:db;user=DAN // not ok
> Note that if the user name is normalized then the scheme would have to deal with this situation:
> derby.user.dan=passwordOne
> derby.user.DAN=passwordTwo
> These two properties refer to the same user, but two passwords are being defined.
> Test case in AuthenticationTest with this bug number.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DERBY-3150) BUILTIN authentication does not treat
user names set in derby.user. as regular SQL identifiers when not quoted.
Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kathey Marsden updated DERBY-3150:
----------------------------------
Issue & fix info: [Repro attached]
Urgency: Normal
Triaged for 10.5.2. Set normal urgency.
> BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.
> ---------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3150
> URL: https://issues.apache.org/jira/browse/DERBY-3150
> Project: Derby
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.4.1.3
> Reporter: Daniel John Debrunner
>
> The documentation for the property derby.user.userName says "User names are SQL92Identifiers and can be delimited." and has examples with delimited identifiers.
> For a regular identifier (non-quoted) the user name to password mapping is not normalized so that the user name is upper-case, this causes login failures when a user name is provided that matches the normalized name, but does not match the value in the property name.
> derby.user.dan=password
> Logging in with user name dan works, but DAN or Dan will not. Note that with any of these user names provided to JDBC, the SQL CURRENT_USER will return DAN.
> jdbc:derby:db;user=dan // ok
> jdbc:derby:db;user=Dan //not ok
> jdbc:derby:db;user=DAN // not ok
> Note that if the user name is normalized then the scheme would have to deal with this situation:
> derby.user.dan=passwordOne
> derby.user.DAN=passwordTwo
> These two properties refer to the same user, but two passwords are being defined.
> Test case in AuthenticationTest with this bug number.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3150) BUILTIN authentication does not
treat user names set in derby.user. as regular SQL identifiers when not
quoted.
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12539488 ]
Dag H. Wanvik commented on DERBY-3150:
--------------------------------------
svn 588304 introduced a javadoc warning:
[javadoc] ../java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java:363: warning - @param argument "conn" is not a parameter name.
> BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.
> ---------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3150
> URL: https://issues.apache.org/jira/browse/DERBY-3150
> Project: Derby
> Issue Type: Bug
> Components: JDBC, Security
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.4.0.0
> Reporter: Daniel John Debrunner
>
> The documentation for the property derby.user.userName says "User names are SQL92Identifiers and can be delimited." and has examples with delimited identifiers.
> For a regular identifier (non-quoted) the user name to password mapping is not normalized so that the user name is upper-case, this causes login failures when a user name is provided that matches the normalized name, but does not match the value in the property name.
> derby.user.dan=password
> Logging in with user name dan works, but DAN or Dan will not. Note that with any of these user names provided to JDBC, the SQL CURRENT_USER will return DAN.
> jdbc:derby:db;user=dan // ok
> jdbc:derby:db;user=Dan //not ok
> jdbc:derby:db;user=DAN // not ok
> Note that if the user name is normalized then the scheme would have to deal with this situation:
> derby.user.dan=passwordOne
> derby.user.DAN=passwordTwo
> These two properties refer to the same user, but two passwords are being defined.
> Test case in AuthenticationTest with this bug number.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.