[
https://issues.apache.org/jira/browse/DERBY-1828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12492687
]
Daniel John Debrunner commented on DERBY-1828:
----------------------------------------------
Just on this one:
> Currently in SQLState:
> AUTH_INVALID_USER_NAME = "28502.C";
> The message for this is "The user name '{0}' is not valid." Another case of
> 08004?
I think this remains as 28xxx, it's for the format of the user identifier being
invalid, not that the user is not a valid user in the set of authenticated
users.
For an authentication failure Derby reports just that authentication failed.
Systems should not report what specifically failed in an authentication
check, e.g. password is incorrect or user not known by the system. That
provides more information for someone trying to break into the system.
> Access rule violations should use a SQL state starting with '42' according to
> the SQL standard.
> -----------------------------------------------------------------------------------------------
>
> Key: DERBY-1828
> URL: https://issues.apache.org/jira/browse/DERBY-1828
> Project: Derby
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 10.2.1.6, 10.3.0.0
> Reporter: Daniel John Debrunner
> Assigned To: Jørgen Løland
> Attachments: DERBY-1828-1.diff, DERBY-1828-1.stat
>
>
> The SQL standard says that SQL State '42' is for "syntax error or access
> rule violation" (section 23.1).
> There is a question of what JDBC 4.0 exception should be thrown for a access
> rule violation,
> JDBC 4.0 maps '42' to SQLSyntaxErrorException which seems wrong for an access
> rule.
> Message thread:
> http://mail-archives.apache.org/mod_mbox/db-derby-dev/200609.mbox/[EMAIL
> PROTECTED]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
