[jira] Updated: (DERBY-1056) Print a security warning to derby.log and network server console if network server is started with remote connections enabled and security manager, user authentication, and ecrypted userid are not on

[Kathey Marsden (JIRA)]

     [ http://issues.apache.org/jira/browse/DERBY-1056?page=all ]

Kathey Marsden updated DERBY-1056:
----------------------------------

    Fix Version:     (was: 10.2.0.0)

Changing fix version to unknown as I do not plan to fix this personally  for 
10.2.  I do think however that  there is not a good awareness in the user 
community of the security risks associated with starting Network server with -h 
0.0.0.0 to allow remote connections  and not enabling authentication, running 
under security manager and using encrypted userid/password (not even available 
with most JVMS.)  I do hope someone else will pick this issue up and that   
DERBY-528  will make it into 10.2 to help mitigate these security issues.
 

> Print a security warning to derby.log and network server console if network 
> server is started with remote connections enabled and security manager, user 
> authentication, and ecrypted userid are not on
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>          Key: DERBY-1056
>          URL: http://issues.apache.org/jira/browse/DERBY-1056
>      Project: Derby
>         Type: Improvement

>   Components: Network Server, Security
>     Versions: 10.1.2.1
>     Reporter: Kathey Marsden

>
> Information and questions from the user list seem to indicate that often 
> users enable remote connections by starting  network server with the -h 
> 0.0.0.0  or -h <machinename> option without taking proper security measures.  
>   I think it would be worthwhile to print a security warning the console and 
> derby.log if network server is starated without the proper security in place.
> Serious security issues exist when starting network server and allowing 
> remote connections unless users:
> - Run in security manager with permissions restricted as much as possible.
> - Enable user authentication
> - Use encrypted userid/password (Currently only available with IBMJCE)
> -  Maybe also print a warning if bootPassword is sent in the 
> connectionAttributes, since this cannot be encrypted.  (I had thought there 
> was a jira issue for this but can't find it.)
> An example of such an attack might include creating databases  until the host 
> machine disk filled up, deleting all user data etc.
> Related issues:
> DERBY-65
> DERBY-474
> DERBY -528
> DERBY-962

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira