Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
-
None
-
Normal
-
Newcomer, Repro attached
-
Security
Description
Ideally no authentication attempt should be made because the user identifier is invalid.
E.g. with this URL
jdbc:derby:db1;user=123
the connection attempt will correctly fail but only after the authentication mechanism is called.
If the application has installed its own UserAuthenticator class then that class will be called with an invalid identifier.
I believe that the connection request should fail before calling any authentication, developers should only be required
to handle valid identifiers.
Attachments
Issue Links
- relates to
-
DERBY-5968 A failed connection attempt may nevertheless manage to boot the database.
- Open