Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-866

Derby User Management Enhancements

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.2.1.6
    • 10.9.1.0
    • Services
    • None
    • Normal
    • Patch Available
    • Security

    Description

      Proposal to enhance Derby's Built-In DDL User Management. (See proposal spec attached to the JIRA).

      Abstract:

      This feature aims at improving the way BUILT-IN users are managed in Derby by providing a more intuitive and familiar DDL interface. Currently (in 10.1.2.1), Built-In users can be defined at the system and/or database level. Users created at the system level can be defined via JVM or/and Derby system properties in the derby.properties file. Built-in users created at the database level are defined via a call to a Derby system procedure (SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY) which sets a database property.

      Defining a user at the system level is very convenient and practical during the development phase (EOD) of an application - However, the user's password is not encrypted and consequently appears in clear in the derby.properties file. Hence, for an application going into production, whether it is embedded or not, it is preferable to create users at the database level where the password is encrypted.

      There is no real ANSI SQL standard for managing users in SQL but by providing a more intuitive and known interface, it will ease Built-In User management at the database level as well as Derby's adoption.

      Attachments

        1. releaseNote.html
          4 kB
          Richard N. Hillegas
        2. derby-866-24-aa-dboMustTurnOnSecurity.diff
          5 kB
          Richard N. Hillegas
        3. derby-866-23-aa-improveErrorMessages.diff
          2 kB
          Richard N. Hillegas
        4. UserManagement.html
          36 kB
          Richard N. Hillegas
        5. derby-866-22-aa-dboFirst.diff
          50 kB
          Richard N. Hillegas
        6. derby-866-21-ab-emptyCredentials.diff
          10 kB
          Richard N. Hillegas
        7. derby-866-21-aa-emptyCredentials.diff
          8 kB
          Richard N. Hillegas
        8. releaseNote.html
          4 kB
          Richard N. Hillegas
        9. derby-866-20-ab-npeAndUserProbing.diff
          5 kB
          Richard N. Hillegas
        10. derby-866-20-aa-npeAndUserProbing.diff
          6 kB
          Richard N. Hillegas
        11. derby-866-19-aa-replicationTest.diff
          20 kB
          Richard N. Hillegas
        12. derby-866-18-aa-encryptedCredentialsDB.diff
          31 kB
          Richard N. Hillegas
        13. UserManagement.html
          34 kB
          Richard N. Hillegas
        14. derby-866-17-aa-grantRevokeNative.diff
          6 kB
          Richard N. Hillegas
        15. derby-866-16-aa-credDBViaSubprotocol.diff
          15 kB
          Richard N. Hillegas
        16. derby-866-15-ae-dbInJarFileOrOnClasspath.diff
          34 kB
          Richard N. Hillegas
        17. derby-866-14-ac-badNativeSpec.diff
          13 kB
          Richard N. Hillegas
        18. derby-866-13-ab-systemWideOperationTests.diff
          14 kB
          Richard N. Hillegas
        19. UserManagement.html
          33 kB
          Richard N. Hillegas
        20. derby-866-12-ac-passwordExpiration.diff
          23 kB
          Richard N. Hillegas
        21. derby-866-11-aa-upgradeTest.diff
          5 kB
          Richard N. Hillegas
        22. derby-866-10-ac-propChanging.diff
          30 kB
          Richard N. Hillegas
        23. derby-866-09-ae-nativeAuthenticationServiceWithTests.diff
          67 kB
          Richard N. Hillegas
        24. derby-866-09-ad-nativeAuthenticationService.diff
          40 kB
          Richard N. Hillegas
        25. derby-866-08-ad-passwordHasher.diff
          45 kB
          Richard N. Hillegas
        26. derby-866-08-ab-passwordHasher.diff
          40 kB
          Richard N. Hillegas
        27. derby-866-08-aa-passwordHasher.diff
          40 kB
          Richard N. Hillegas
        28. derby-866-07-aa-removeSQLPassword.diff
          45 kB
          Richard N. Hillegas
        29. derby-866-06-aa-upgradeFrom10.1.diff
          0.7 kB
          Richard N. Hillegas
        30. derby-866-05-aa-grantRevoke.diff
          2 kB
          Richard N. Hillegas
        31. derby-866-04-aa-fixRolesTest.diff
          2 kB
          Richard N. Hillegas
        32. derby-866-03-ab-resetModifyPassword.diff
          21 kB
          Richard N. Hillegas
        33. UserManagement.html
          31 kB
          Richard N. Hillegas
        34. derby-866-03-aa-resetModifyPassword.diff
          20 kB
          Richard N. Hillegas
        35. derby-866-02-ag-createDropUser.diff
          68 kB
          Richard N. Hillegas
        36. derby-866-01-ab-sysusers.diff
          50 kB
          Richard N. Hillegas
        37. derby-866-01-aa-sysusers.diff
          48 kB
          Richard N. Hillegas
        38. UserManagement.html
          25 kB
          Richard N. Hillegas
        39. UserManagement.html
          22 kB
          Richard N. Hillegas
        40. dummyCredentials.properties
          0.1 kB
          Richard N. Hillegas
        41. DummyAuthenticator.java
          3 kB
          Richard N. Hillegas
        42. UserManagement.html
          16 kB
          Richard N. Hillegas
        43. Derby_User_Enhancement_v1.1.html
          8 kB
          Francois Orsini
        44. Derby_User_Enhancement.html
          7 kB
          Francois Orsini

        Issue Links

          incorporates

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5607 Deadlock in Java 5 VM when using NATIVE authentication with a client running in the same VM as the server

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5522 Document the NATIVE authentication scheme.

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-2470 No authentication required to restore a backup

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5651 Protocol error when connecting to db with NATIVE authentication using strong password substitution

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5615 NPE in Store when running SELECT in a read-only database accessed via the classpath subprotocol when authentication, authorization, and Java security are turned on

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5618 On Windows, orderly engine shutdown does not release the file handle on a jar file containing a database which was booted using the classpath subprotocol

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5744 Native user authentication: syscs_util.syscs_create_user allows too long user names

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5747 Native user authentication: Docs do not describe what happens to schema and its SQL objects on SYSCS_UTIL.SYSCS_DROP_USER call

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6221 Can't select from SYS.SYSUSERS if you use a WHERE clause in the query

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5647 NATIVE warns about password expiry for DBO

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5548 Implement a GRANT/REVOKE scheme for authorizing system-wide operations

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-3282 Add a mechanism for managing users in Derby

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5762 Consider storing a normalized authorization id in SYS.SYSUSERS in order to make NATIVE procedures follow the same casing conventions for usernames which we use on connection urls

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5763 Reference Guide should note the new casing rules for the USERNAME arguments to the NATIVE procedures

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5768 Remove references to NATIVE::LOCAL from Derby error messages.

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5648 Unclear password expiry warning when using separate credentials db

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5657 Message XCY05 for NATIVE authentication is (too?) complex

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5658 Regularize capitalization in error messages for NATIVE authentication

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5741 Native user authentication: improve checking of syntax

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5580 NativeAuthenticationServiceTest getting multiple errors trying to delete files/directories during teardown

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-5652 Assert failure when bootstrapping NATIVE with invalid provider string

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5748 Native user authentication: SYSCS_UTIL.SYSCS_MODIFY_PASSWORD accepts old password

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5742 Native user authentication: improve wording of error message

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-5644 Typo in error message for NATIVE authentication

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              rhillegas Richard N. Hillegas
              forsini Francois Orsini
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: