[jira] Closed: (DERBY-224) System versus Database authentication conflict

["Francois Orsini (JIRA)" <de...@db.apache.org>]

     [ http://issues.apache.org/jira/browse/DERBY-224?page=all ]
     
Francois Orsini closed DERBY-224:
---------------------------------

    Resolution: Invalid
     Assign To: Francois Orsini

See previous comment - not a bug - works as intented.

> System versus Database authentication conflict
> ----------------------------------------------
>
>          Key: DERBY-224
>          URL: http://issues.apache.org/jira/browse/DERBY-224
>      Project: Derby
>         Type: Improvement
>   Components: Security
>     Versions: 10.0.2.0
>  Environment: Windows XP Professional SP1
>     Reporter: George Baklarz
>     Assignee: Francois Orsini

>
> As a system user (authentication enabled at the system level), it is possible for someone registered at the database level to prevent me from accessing it (this was done with BUILTIN authentication).
> This occurs because of a conflict between two identical userids. If I create a system user (sa) with a password of "Derby" and a user at the database level is created with a userid of sa with a password of "Apache", this user will take precedence on the connect command to the database. 
> So there are really two problems here. 
> (1) Duplicate userids are allowed between system level users and database users
> (2) Database userids take precedence over system users.
> This may be working as designed, but it surpised me when I couldn't connect to the database because of an incorrect password. I would have liked the system userid to connect to all databases even if a local database userid was present.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira