[jira] [Commented] (DERBY-6234) Remove references to BUILTIN authentication from the user guides

Mon, 17 Feb 2014 13:06:06 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-6234?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13903504#comment-13903504
 ] 

Rick Hillegas commented on DERBY-6234:
--------------------------------------

Hi Kim. Here are some responses:

> "Shutting down Derby or an individual database" (tdevdvlp40464.dita): remove 
> note. Does the preceding paragraph need changes?

That paragraph looks ok to me. The credentials can be defined at the system 
level regardless of the authentication scheme you use.

> Are the topics "SYSCS_UTIL.SYSCS_SET_USER_ACCESS system procedure" 
> (rrefsetuseraccess.dita), "derby.database.fullAccessUsers" 
> (rrefproper25025.dita), and "derby.database.readOnlyAccessUsers" 
> (rrefproper39325.dita) relevant to non-BUILTIN authentication? The 
> Developer's Guide says they are not relevant "if you use SQL authorization 
> (the default with NATIVE authentication)". Are they relevant to LDAP or 
> class-based authentication? (There are some Dev Guide topics that mention 
> these properties also.)

Hm. Where does the Developer's Guide say that coarse-grained authorization is 
not relevant if you use fine-grained authorization? I don't think that is true. 
I think that the two authorization schemes are independent of one another. Of 
course, they both require you to have some notion of who the user is, so they 
both depend on your having enabled SQL authentication.

Hope this helps,
-Rick

> Remove references to BUILTIN authentication from the user guides
> ----------------------------------------------------------------
>
>                 Key: DERBY-6234
>                 URL: https://issues.apache.org/jira/browse/DERBY-6234
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>
> BUILTIN authentication is a scheme suitable only for regression tests. Many 
> security problems make it inappropriate for production use. To avoid 
> confusion and prevent users from selecting this insecure authentication 
> scheme, we should remove references to it from our user documentation.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to