Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Won't Fix
-
10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
-
None
-
None
Description
File this as a placeholder for the discussion started in
http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html
This may or may not be a behavior we would like to change.
(first mail):
Working on DERBY-2264, I notice (again) that booting a database is not
protected in any way. Currently, even when authentication
(derby.connection.requireAuthentication) is turned on, any user can
leave the database in a booted state: If not already booted, the
database potentially needs to be booted to authenticate. However, if
authentication fails, the database is not shut down again. Thus, an
invalid user is allowed to change the database state. I think this is
somewhat surprising for an end user. Is there a reason for this
behavior?
Attachments
Issue Links
- is related to
-
DERBY-5968 A failed connection attempt may nevertheless manage to boot the database.
- Open