Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-2407

A connection attempt by an unauthorized user leaves a previously non-booted database booted

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Won't Fix
    • 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
    • None
    • Services
    • None

    Description

      File this as a placeholder for the discussion started in
      http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html

      This may or may not be a behavior we would like to change.

      (first mail):
      Working on DERBY-2264, I notice (again) that booting a database is not
      protected in any way. Currently, even when authentication
      (derby.connection.requireAuthentication) is turned on, any user can
      leave the database in a booted state: If not already booted, the
      database potentially needs to be booted to authenticate. However, if
      authentication fails, the database is not shut down again. Thus, an
      invalid user is allowed to change the database state. I think this is
      somewhat surprising for an end user. Is there a reason for this
      behavior?

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5968 A failed connection attempt may nevertheless manage to boot the database.

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              dagw Dag H. Wanvik
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: