You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Donald Woods (JIRA)" <ji...@apache.org> on 2009/09/15 15:37:57 UTC
[jira] Commented: (GERONIMO-4878) Geronimo doesnt protect access to
its Derby databases
[ https://issues.apache.org/jira/browse/GERONIMO-4878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12755485#action_12755485 ]
Donald Woods commented on GERONIMO-4878:
----------------------------------------
Duplicate of https://issues.apache.org/jira/browse/GERONIMO-4296
> Geronimo doesnt protect access to its Derby databases
> -----------------------------------------------------
>
> Key: GERONIMO-4878
> URL: https://issues.apache.org/jira/browse/GERONIMO-4878
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.1.4
> Reporter: Radim Kolar
>
> run ij tool which comes with eclipse derby plugin and connect to geronimo.
> ij> connect 'jdbc:derby://localhost/SystemDatabase';
> ij> show tables;
> TABLE_SCHEM |TABLE_NAME |REMARKS
> ------------------------------------------------------------------------
> SYS |SYSALIASES |
> SYS |SYSCHECKS |
> SYS |SYSCOLPERMS |
> SYS |SYSCOLUMNS |
> SYS |SYSCONGLOMERATES |
> SYS |SYSCONSTRAINTS |
> SYS |SYSDEPENDS |
> SYS |SYSFILES |
> SYS |SYSFOREIGNKEYS |
> SYS |SYSKEYS |
> SYS |SYSROUTINEPERMS |
> SYS |SYSSCHEMAS |
> SYS |SYSSTATEMENTS |
> SYS |SYSSTATISTICS |
> SYS |SYSTABLEPERMS |
> SYS |SYSTABLES |
> SYS |SYSTRIGGERS |
> SYS |SYSVIEWS |
> SYSIBM |SYSDUMMY1 |
> APP |ACTIVEMQ_ACKS |
> APP |ACTIVEMQ_LOCK |
> APP |ACTIVEMQ_MSGS |
> APP |TIMERTASKS |
> 23 rows selected
> ij>
> no security restrictions are in place. Same for activemq message broker. Network listeners should be password protected.
> It would be great to have ability in administration console where we can assign security realm protection to particular derby database(s) or queues.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.