Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3271

Using BUILTIN authentication, I can't log in as database creator after storing credentials in the database.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 10.3.1.4
    • Fix Version/s: None
    • Component/s: JDBC, Services
    • Labels:
      None
    • Bug behavior facts:
      Security

      Description

      Using builtin authentication I am able to create a database and store credentials for 2 users: the original database creator and a second user. After that, I am able to reconnect as the second user but not as the original database creator. My test case follows.

      ------------------------------

      Here is my command for running ij with authentication turned on:

      java \
      -cp $CLASSPATH \
      -Dderby.stream.error.logSeverityLevel=0 \
      \
      -Dderby.connection.requireAuthentication=true \
      -Dderby.authentication.provider=BUILTIN \
      -Dderby.user.builtindba=dummypassword \
      \
      org.apache.derby.tools.ij myscript.sql

      Here is the first run of my script. This creates the database and stores credentials for 2 users, including the connected user:

      ij version 10.4
      ij> –
      -- First try to connect as builtindba.

      connect 'jdbc:derby:derby_builtin;create=true;user=builtindba;password=dummypassword';
      ij> –
      -- If I can't connect as builtindba, try connecting as fred.

      connect 'jdbc:derby:derby_builtin;create=true;user=fred;password=wilma';
      ERROR 08004: Connection authentication failure occurred. Reason: Invalid authentication..
      ij> –
      -- Store passwords in the database where they will be encrypted.

      call syscs_util.syscs_set_database_property( 'derby.user.builtindba', 'dummypassword' );
      0 rows inserted/updated/deleted
      ij> call syscs_util.syscs_set_database_property( 'derby.user.fred', 'wilma' );
      0 rows inserted/updated/deleted
      ij> values current_user;
      1
      --------------------------------------------------------------------------------------------------------------------------------
      BUILTINDBA

      1 row selected

      Here is the second run of my script. This fails to connect as the original user but succeeds as the other user:

      ij version 10.4
      ij> –
      -- First try to connect as builtindba.

      connect 'jdbc:derby:derby_builtin;create=true;user=builtindba;password=dummypassword';
      ERROR 08004: Connection authentication failure occurred. Reason: Invalid authentication..
      ij> –
      -- If I can't connect as builtindba, try connecting as fred.

      connect 'jdbc:derby:derby_builtin;create=true;user=fred;password=wilma';
      WARNING 01J01: Database 'derby_builtin' not created, connection made to existing database instead.
      ij> –
      -- Store passwords in the database where they will be encrypted.

      call syscs_util.syscs_set_database_property( 'derby.user.builtindba', 'dummypassword' );
      0 rows inserted/updated/deleted
      ij> call syscs_util.syscs_set_database_property( 'derby.user.fred', 'wilma' );
      0 rows inserted/updated/deleted
      ij> values current_user;
      1
      --------------------------------------------------------------------------------------------------------------------------------
      FRED

      1 row selected

        Attachments

        1. Derby3271Repro.java
          6 kB
          John H. Embretsen

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                rhillegas Rick Hillegas
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: