You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2008/05/20 20:49:55 UTC

[jira] Updated: (DERBY-3681) When authenticating a user at connect time, verify that the user provided is not also a defined role name.

     [ https://issues.apache.org/jira/browse/DERBY-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-3681:
---------------------------------

    Description: 
Although we try to avoid creating role that are not also valid Derby users (see DERBY-3673), we cannot
in general know for sure that no such user exists; it could be added to derby.properties after
the role has been created, authentication could be LDAP or user-defined, in which cases
the check at role creation time will not work. So, in order to avoid collisions between user identifiers and role identifiers, we shoudl check at connect time that there is no role by same name as the supplied user name.

> When authenticating a user at connect time, verify that the user provided is not also a defined role name.
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3681
>                 URL: https://issues.apache.org/jira/browse/DERBY-3681
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>
> Although we try to avoid creating role that are not also valid Derby users (see DERBY-3673), we cannot
> in general know for sure that no such user exists; it could be added to derby.properties after
> the role has been created, authentication could be LDAP or user-defined, in which cases
> the check at role creation time will not work. So, in order to avoid collisions between user identifiers and role identifiers, we shoudl check at connect time that there is no role by same name as the supplied user name.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.