You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2007/11/02 00:49:50 UTC

[jira] Commented: (DERBY-3150) BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.

    [ https://issues.apache.org/jira/browse/DERBY-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12539488 ] 

Dag H. Wanvik commented on DERBY-3150:
--------------------------------------

svn 588304 introduced a javadoc warning:
  [javadoc] ../java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java:363: warning - @param argument "conn" is not a parameter name.


> BUILTIN authentication does not treat user names set in derby.user. as regular SQL identifiers when not quoted.
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3150
>                 URL: https://issues.apache.org/jira/browse/DERBY-3150
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC, Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.4.0.0
>            Reporter: Daniel John Debrunner
>
> The documentation for the property derby.user.userName says "User names are SQL92Identifiers and can be delimited." and has examples with delimited identifiers.
> For a regular identifier (non-quoted) the user name to password mapping is not normalized so that the user name is upper-case, this causes login failures when a user name is provided that matches the normalized name, but does not match the value in the property name.
> derby.user.dan=password
> Logging in with user name dan works, but DAN or Dan will not.  Note that with any of these user names provided to JDBC, the SQL CURRENT_USER will return DAN.
> jdbc:derby:db;user=dan  // ok
> jdbc:derby:db;user=Dan //not ok
> jdbc:derby:db;user=DAN // not ok
> Note that if the user name is normalized then the scheme would have to deal with this situation:
> derby.user.dan=passwordOne
> derby.user.DAN=passwordTwo
> These two properties refer to the same user, but two passwords are being defined.
> Test case in AuthenticationTest with this bug number.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.