Posted to derby-dev@db.apache.org by "Bernt M. Johnsen (JIRA)" <ji...@apache.org> on 2007/11/07 15:21:50 UTC

[jira] Created: (DERBY-3186) Do not allow the user to create inaccessible databases

Do not allow the user to create inaccessible databases
------------------------------------------------------

                 Key: DERBY-3186
                 URL: https://issues.apache.org/jira/browse/DERBY-3186
             Project: Derby
          Issue Type: Improvement
            Reporter: Bernt M. Johnsen


When dealing with users and properties, it is possible to create inaccessible or unmanageable databases. This happens only (I think) when derby.database.propertiesOnly is set to true.
Checks should be implemented to avoid that. Examples:

The user should not be allowed to set both derby.database.propertiesOnly and derby.connection.requireAuthentication on database level without having defined any users on the database level. A database with both these properties set and no users will be inaccessible.

The user should not be allowed to set derby.database.propertiesOnly, derby.connection.requireAuthentication and derby.database.sqlAuthorization without the current user (which will be the database owner) defined on the database level. A database with these settings may not be managed (properties may not be changed, users may not be created or deleted).

Note that it's much easier to create these situations with GUI interfaces (e.g. JConsole and JMX) than with the tedious editing of property calls and SQL system routines that we currently offer.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
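
The two checks proposed in the report, sketched as a pre-flight validator over the database-level properties, with the derby.authentication.provider condition raised in a later comment in this thread. This is an added example, not Derby code and not part of the original message; the class DerbyLockoutCheck, the method check and the sample users are hypothetical. It assumes BUILTIN users are stored as derby.user.<name> properties and that an unset provider behaves like BUILTIN.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class DerbyLockoutCheck {
    static final String USER_PREFIX = "derby.user.";

    static boolean isTrue(Properties p, String key) {
        return Boolean.parseBoolean(p.getProperty(key, "false").trim());
    }

    // Findings for the database-level properties as they would be after a change.
    static List<String> check(Properties db, String currentUser) {
        List<String> findings = new ArrayList<>();
        // The report expects the problem only when propertiesOnly is true.
        boolean locked = isTrue(db, "derby.database.propertiesOnly")
                && isTrue(db, "derby.connection.requireAuthentication");
        if (!locked) return findings;
        // LDAP or a provider class defines users outside the database properties.
        // Assumption: an unset provider is treated like BUILTIN.
        String provider = db.getProperty("derby.authentication.provider", "").trim();
        if (!provider.isEmpty() && !provider.equalsIgnoreCase("BUILTIN")) return findings;

        boolean anyUser = false, ownerDefined = false;
        for (String key : db.stringPropertyNames()) {
            if (!key.startsWith(USER_PREFIX)) continue;
            anyUser = true;
            // Simplification: case-insensitive match, quoted identifiers not handled.
            String name = key.substring(USER_PREFIX.length());
            if (name.equalsIgnoreCase(currentUser)) ownerDefined = true;
        }
        if (!anyUser) {
            findings.add("INACCESSIBLE: authentication required, no derby.user.* defined");
        } else if (isTrue(db, "derby.database.sqlAuthorization") && !ownerDefined) {
            findings.add("UNMANAGEABLE: " + currentUser + " not defined at database level");
        }
        return findings;
    }

    public static void main(String[] args) {
        Properties db = new Properties(); // constructed sample input
        db.setProperty("derby.database.propertiesOnly", "true");
        db.setProperty("derby.connection.requireAuthentication", "true");
        db.setProperty("derby.database.sqlAuthorization", "true");
        System.out.println(check(db, "APP"));   // no users at all
        db.setProperty("derby.user.alice", "constructed-password");
        System.out.println(check(db, "APP"));   // a user exists, but not the owner
        db.setProperty("derby.user.APP", "constructed-password");
        System.out.println(check(db, "APP"));   // owner defined: no findings
    }
}
```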


[jira] Commented: (DERBY-3186) Do not allow the user to create inaccessible databases

Posted by "Bernt M. Johnsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12541012 ] 

Bernt M. Johnsen commented on DERBY-3186:
-----------------------------------------

Thanks Dan. If an external authentication provider is defined (either LDAP or a class name), it will of course be possible to define the needed users after the fact, and the database will be accessible/manageable when that is done.



[jira] Updated: (DERBY-3186) Do not allow the user to create inaccessible databases

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-3186:
----------------------------------

    Component/s: Security



[jira] Commented: (DERBY-3186) Do not allow the user to create inaccessible databases

Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540808 ] 

Daniel John Debrunner commented on DERBY-3186:
----------------------------------------------

> The user should not be allowed to set both derby.database.propertiesOnly and derby.connection.requireAuthentication on database level without having defined any users on the database level.

Just a reminder that Derby does not require users to be defined at the database level (by Derby), e.g. the authentication and thus user definition may be through LDAP. So the above statement should include and "derby.authentication.provider=BUILTIN" (maybe including "derby.authentication.provider not set" as well?).



[jira] Commented: (DERBY-3186) Do not allow the user to create inaccessible databases

Posted by "John H. Embretsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/DERBY-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552710 ] 

John H. Embretsen commented on DERBY-3186:
------------------------------------------

Until DERBY-3272 is fixed, it is possible to create an inaccessible database even if a user is defined on the database level. This happens if all users defined as database properties are also defined as system properties when the database properties (user credentials) are being set.



[jira] Updated: (DERBY-3186) Do not allow the user to create inaccessible databases

Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/DERBY-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-3186:
---------------------------------

    Component/s: Services
