Derby
  1. Derby
  2. DERBY-5968

A failed connection attempt may nevertheless manage to boot the database.

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 10.10.1.1
    • Fix Version/s: None
    • Component/s: Services
    • Urgency:
      Normal
    • Issue & fix info:
      Repro attached
    • Bug behavior facts:
      Security

      Description

      A connection attempt may fail but still manage to boot the database. If possible, we should try to bring down the database after the connection failure.

      1) Here is an example of this problem: If you use bad credentials to connect to a database, you will fail to get a connection. That's correct behavior. However, Derby must boot the database in order to discover its authentication mechanism. The database remains booted after this check.

      2) There are other examples of this problem. For instance, if a user with good credentials tries to change the boot password on an encrypted database, then the connection attempt will fail, but the database will remain booted. This can cause silent failures on later attempts to re-encrypt or un-encrypt a database after the low-privilege or nonexistent user manages to boot the database. The connection attempt will succeed, leading the DBO to think that the re-encryption worked. But actually re-encryption did not take place because the database was already booted.

      I regard this silent failure as a security vulnerability.

      The following script shows problem (1):

      connect 'jdbc:derby:db;create=true;user=test_dbo';

      call syscs_util.syscs_create_user( 'test_dbo', 'test_dbopassword' );

      – shutdown the database
      connect 'jdbc:derby:db;shutdown=true';

      – need credentials in order to get a connection
      connect 'jdbc:derby:db';
      connect 'jdbc:derby:db;user=test_dbo;password=test_dbopassword';
      select count from sys.systables;

      – shutdown the database
      connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

      – try to shutdown the database again. since it is already shutdown, you will get a message saying it can't be found.
      connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

      – now try to boot with bad credentials. you don't get a connection but the database boots.
      connect 'jdbc:derby:db;user=alice;password=alicepassword;bootPassword=foobarwibblewombat';
      select count from sys.systables;

      – the shutdown command succeeds because alice managed to boot the database
      – even though she isn't a legal user.
      connect 'jdbc:derby:db;shutdown=true;user=test_dbo;password=test_dbopassword';

        Issue Links

          Activity

          Rick Hillegas created issue -
          Rick Hillegas made changes -
          Field Original Value New Value
          Link This issue is related to DERBY-2736 [ DERBY-2736 ]
          Rick Hillegas made changes -
          Link This issue is related to DERBY-5969 [ DERBY-5969 ]
          Rick Hillegas made changes -
          Link This issue relates to DERBY-5792 [ DERBY-5792 ]
          Rick Hillegas made changes -
          Rick Hillegas made changes -
          Issue & fix info Repro attached [ 10424 ] Patch Available,Repro attached [ 10102, 10424 ]
          Rick Hillegas made changes -
          Rick Hillegas made changes -
          Rick Hillegas made changes -
          Link This issue relates to DERBY-2407 [ DERBY-2407 ]
          Rick Hillegas made changes -
          Link This issue relates to DERBY-4447 [ DERBY-4447 ]
          Rick Hillegas made changes -
          Issue & fix info Patch Available,Repro attached [ 10102, 10424 ] Repro attached [ 10424 ]
          Rick Hillegas made changes -
          Labels derby_triage10_11
          Gavin made changes -
          Workflow jira [ 12731837 ] Default workflow, editable Closed status [ 12802899 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              Rick Hillegas
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:

                Development