System versus Database authentication conflict
----------------------------------------------
Key: DERBY-224
URL: http://issues.apache.org/jira/browse/DERBY-224
Project: Derby
Type: Improvement
Components: Security
Versions: 10.0.2.0
Environment: Windows XP Professional SP1
Reporter: George Baklarz

As a system user (authentication enabled at the system level), it is possible
for someone registered at the database level to prevent me from accessing it
(this was done with BUILTIN authentication).

This occurs because of a conflict between two identical userids. If I create a
system user (sa) with a password of "Derby" and a user at the database level is
created with a userid of sa with a password of "Apache", this user will take
precedence on the connect command to the database.

So there are really two problems here.

(1) Duplicate userids are allowed between system level users and database users
(2) Database userids take precedence over system users.

This may be working as designed, but it surprised me when I couldn't connect to
the database because of an incorrect password. I would have liked the system
userid to connect to all databases even if a local database userid was present.
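
Added example, not part of the original report and not Derby's own code: a small Java audit that lists BUILTIN userids defined both at the system level (derby.properties or JVM properties) and inside a database, which is the situation the report describes. The class name and command-line arguments are assumptions of this sketch, and it matches on the exact `derby.user.<name>` property key, so differently cased or delimited spellings of the same userid are not detected.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Properties;
import java.util.TreeSet;

// Hypothetical audit tool (assumed name and arguments):
//   java ShadowedUserAudit <path to derby.properties> <JDBC URL> <user> <password>
public class ShadowedUserAudit {
    private static final String PREFIX = "derby.user.";

    public static void main(String[] args) throws Exception {
        // System-level BUILTIN users come from derby.properties or from -D JVM properties.
        Properties system = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            system.load(in);
        }
        TreeSet<String> keys = new TreeSet<>();
        for (String k : system.stringPropertyNames()) {
            if (k.startsWith(PREFIX)) keys.add(k);
        }
        for (String k : System.getProperties().stringPropertyNames()) {
            if (k.startsWith(PREFIX)) keys.add(k);
        }

        int shadowed = 0;
        try (Connection conn = DriverManager.getConnection(args[1], args[2], args[3]);
             PreparedStatement ps = conn.prepareStatement(
                 "VALUES SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY(?)")) {
            for (String key : keys) {
                ps.setString(1, key);
                try (ResultSet rs = ps.executeQuery()) {
                    // A non-NULL value means the database defines the same userid.
                    // Only the userid is reported, never the stored password value.
                    if (rs.next() && rs.getString(1) != null) {
                        shadowed++;
                        System.out.println("defined at both levels: "
                            + key.substring(PREFIX.length()));
                    }
                }
            }
        }
        System.out.println(shadowed + " of " + keys.size()
            + " system-level userids also exist in the database");
    }
}
```

Run it once per database with an account that is allowed to read database properties; any userid it reports should be reviewed so that only one definition remains.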