Derby / DERBY-5762

Consider storing a normalized authorization id in SYS.SYSUSERS in order to make NATIVE procedures follow the same casing conventions for usernames which we use on connection urls

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.9.1.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Issue & fix info:
      Patch Available

      Description

      Right now if you want to connect with a lowercase authorization id, you need to double-quote it:

      connect 'jdbc:derby:db;user="dbo";password=dbo_password';

      But you don't use double-quotes when creating NATIVE credentials for that user:

      call syscs_util.syscs_create_user( 'dbo', 'dbo_password' );

      I will attach a proof-of-concept patch which causes the NATIVE procedures to normalize USERNAME arguments before using them to key into SYS.SYSUSERS. This preserves the following feature of the current implementation:

      1) Only one set of NATIVE credentials can be stored for a given authorization id. Note that this differs from the behavior of other authentication schemes. The other authentication schemes let you store a set of credentials for every upper/lower-case permutation of the authorization id. To me, this seems like a big security hole in those other authentication schemes.

      In addition, the proof-of-concept patch has the following behavior:

      2) You connect with the same username string which you use when calling syscs_util.syscs_create_user.

      If this seems like the right casing behavior, I will write some tests and check this in.

      1. derby-5762.sql
        1 kB
        Rick Hillegas
      2. derby-5762-01-aa-normalizeNativeProcArg.diff
        3 kB
        Rick Hillegas
      3. derby-5762-01-ab-normalizeNativeProcArg.diff
        7 kB
        Rick Hillegas
      4. derby-5762-01-ad-normalizeNativeProcArg.diff
        10 kB
        Rick Hillegas
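
The casing behavior described in the issue, as an added example that is not code from the Derby patch or project: it assumes user names follow SQL identifier rules (an unquoted name folds to upper case, a double-quoted name keeps its case) and keys a credential map on the normalized id so each authorization id holds exactly one entry. The class name, method names and stored values are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration, not Derby source. All names here are hypothetical.
public class AuthIdNormalization {

    // Assumed rule: dbo -> DBO, "dbo" -> dbo, and "" inside quotes -> ".
    static String normalize(String userName) {
        if (userName == null || userName.isEmpty()) {
            throw new IllegalArgumentException("empty user name");
        }
        int n = userName.length();
        if (n >= 2 && userName.charAt(0) == '"' && userName.charAt(n - 1) == '"') {
            String inner = userName.substring(1, n - 1);
            // A quote inside a delimited id must be doubled; a lone one is malformed.
            if (inner.isEmpty() || inner.replace("\"\"", "").indexOf('"') >= 0) {
                throw new IllegalArgumentException("malformed delimited id");
            }
            return inner.replace("\"\"", "\"");
        }
        if (userName.indexOf('"') >= 0) {
            throw new IllegalArgumentException("stray double quote");
        }
        return userName.toUpperCase(Locale.ROOT);
    }

    // Store under the normalized id and refuse a second entry for the same id.
    static void createUser(Map<String, String> users, String userName, String hash) {
        String key = normalize(userName);
        if (users.putIfAbsent(key, hash) != null) {
            throw new IllegalStateException("credentials already stored for " + key);
        }
    }

    // The connection path must look up with the same normalization.
    static String credentialsFor(Map<String, String> users, String userName) {
        return users.get(normalize(userName));
    }

    public static void main(String[] args) {
        Map<String, String> users = new LinkedHashMap<>();
        createUser(users, "dbo", "hash-A");      // constructed sample values
        createUser(users, "\"dbo\"", "hash-B");  // a different authorization id
        try {
            createUser(users, "Dbo", "hash-C");  // same id as the first call
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(users.keySet());
        System.out.println(credentialsFor(users, "DBO"));
    }
}
```

A store keyed on the raw string instead of `normalize(userName)` would accept all three `createUser` calls, which is the per-casing credential duplication the description calls out.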

          Activity

          Rick Hillegas created issue -
          Rick Hillegas made changes -
          Field Original Value New Value
          Link This issue relates to DERBY-866 [ DERBY-866 ]
          Rick Hillegas made changes -
          Attachment derby-5762-01-aa-normalizeNativeProcArg.diff [ 12526553 ]
          Attachment derby-5762.sql [ 12526554 ]
          Rick Hillegas made changes -
          Issue & fix info Patch Available [ 10102 ]
          Rick Hillegas made changes -
          Link This issue is related to DERBY-5763 [ DERBY-5763 ]
          Rick Hillegas made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Rick Hillegas made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Gavin made changes -
          Workflow jira [ 12667037 ] Default workflow, editable Closed status [ 12802656 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              Rick Hillegas
            • Votes:
              0
              Watchers:
              1
