Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Invalid
-
10.0.2.0
-
None
-
None
-
None
-
Windows XP Professional SP1
-
Security
Description
As a system user (authentication enabled at the system level), it is possible for someone registered at the database level to prevent me from accessing it (this was done with BUILTIN authentication).
This occurs because of a conflict between two identical userids. If I create a system user (sa) with a password of "Derby" and a user at the database level is created with a userid of sa with a password of "Apache", this user will take precedence on the connect command to the database.
So there are really two problems here.
(1) Duplicate userids are allowed between system level users and database users
(2) Database userids take precedence over system users.
This may be working as designed, but it surpised me when I couldn't connect to the database because of an incorrect password. I would have liked the system userid to connect to all databases even if a local database userid was present.
Attachments
Issue Links
- relates to
-
DERBY-3271 Using BUILTIN authentication, I can't log in as database creator after storing credentials in the database.
-
- Closed
-