You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Knut Anders Hatlen (JIRA)" <ji...@apache.org> on 2007/11/15 17:13:43 UTC

[jira] Resolved: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

     [ https://issues.apache.org/jira/browse/DERBY-1823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen resolved DERBY-1823.
---------------------------------------

       Resolution: Fixed
    Fix Version/s: 10.4.0.0
       Derby Info:   (was: [Patch Available])

Thanks Kim and Francois. Committed revision 595345.

> Derby Developer's Guide -  Issues w/ User authentication and authorization extended examples section/paragraph
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1823
>                 URL: https://issues.apache.org/jira/browse/DERBY-1823
>             Project: Derby
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
>            Reporter: Francois Orsini
>            Assignee: Kim Haase
>            Priority: Minor
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-1823-2.diff, DERBY-1823-2.zip, DERBY-1823-3.diff, DERBY-1823-3.zip, DERBY-1823-4.diff, DERBY-1823.diff, DERBY-1823.zip
>
>
> There is a couple of issues with the paragraph/section  "User authentication and authorization extended examples" in the developer's guide
> http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure26537.html
> 1) The methods turnOnBuiltInUsers() & turnOffBuiltInUsers() do NOT shutdown and reboot the database for which the 'derby.connection.requireAuthentication' authentication database property is being set - as this last one is a derby static property, it will not be taken into account until the database is rebooted (or the whole derby engine instance). Hence, the 2 checks for "Confirming requireAuthentication" is misleading as the property value is changed _but_ the actual database authentication enabling/disabling has not changed since it was last booted. Database needs to be shutdown and rebooted after 'derby.connection.requireAuthentication' is set and then some negative testing of invalid user connection needs to be added to show that only valid users can connect (in the case, authentication is being enabled).
> 2) Paragraph (extended examples section) also needs to be moved at the same level as the 2 above such as:
>   "User authentication example in a single-user, embedded environment"
>   http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure125.html
>   "User authentication example in a client/server environment"
>   http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure13713.html
> since the extended examples (once fixed - see 1)) can be applied in both a client-server and embedded environments context.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.