You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2007/10/30 15:04:50 UTC
[jira] Closed: (DERBY-2407) A connection attempt by an unauthorized
user leaves a previously non-booted database booted
[ https://issues.apache.org/jira/browse/DERBY-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dag H. Wanvik closed DERBY-2407.
--------------------------------
Resolution: Won't Fix
No consensus that this should be fixed, so closing as "won't fix" for now.
> A connection attempt by an unauthorized user leaves a previously non-booted database booted
> -------------------------------------------------------------------------------------------
>
> Key: DERBY-2407
> URL: https://issues.apache.org/jira/browse/DERBY-2407
> Project: Derby
> Issue Type: Improvement
> Components: Services
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
> Reporter: Dag H. Wanvik
> Priority: Minor
>
> File this as a placeholder for the discussion started in
> http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html
> This may or may not be a behavior we would like to change.
> (first mail):
> Working on DERBY-2264, I notice (again) that booting a database is not
> protected in any way. Currently, even when authentication
> (derby.connection.requireAuthentication) is turned on, any user can
> leave the database in a booted state: If not already booted, the
> database potentially needs to be booted to authenticate. However, if
> authentication fails, the database is not shut down again. Thus, an
> invalid user is allowed to change the database state. I think this is
> somewhat surprising for an end user. Is there a reason for this
> behavior?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.