Derby
  1. Derby
  2. DERBY-2736

Connecting with an invalid user identifier performs authentication before rejecting the connection.

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4
    • Fix Version/s: None
    • Component/s: Services
    • Urgency:
      Normal
    • Issue & fix info:
      Newcomer, Repro attached
    • Bug behavior facts:
      Security

      Description

      Ideally no authentication attempt should be made because the user identifier is invalid.
      E.g. with this URL

      jdbc:derby:db1;user=123

      the connection attempt will correctly fail but only after the authentication mechanism is called.

      If the application has installed its own UserAuthenticator class then that class will be called with an invalid identifier.
      I believe that the connection request should fail before calling any authentication, developers should only be required
      to handle valid identifiers.

        Issue Links

          Activity

          Hide
          Rick Hillegas added a comment -

          Triaged for 10.5.2: assigned normal urgency, noted that repro is available, recommended to newcomers.

          Show
          Rick Hillegas added a comment - Triaged for 10.5.2: assigned normal urgency, noted that repro is available, recommended to newcomers.
          Hide
          Rick Hillegas added a comment -

          Linking to DERBY-5968 because the same code is involved and a common fix might address both issues.

          Show
          Rick Hillegas added a comment - Linking to DERBY-5968 because the same code is involved and a common fix might address both issues.

            People

            • Assignee:
              Unassigned
              Reporter:
              Daniel John Debrunner
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Development