[ https://issues.apache.org/jira/browse/DERBY-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12541012 ]
Bernt M. Johnsen commented on DERBY-3186:
-----------------------------------------
Thanks Dan. If an external authentication provider is defined (either LDAP or a
class name), it will of course be possible to define the needed users after the
fact, and the database will be accessible/manageable when that is done.
> Do not allow the user to create inaccessible databases
> ------------------------------------------------------
>
> Key: DERBY-3186
> URL: https://issues.apache.org/jira/browse/DERBY-3186
> Project: Derby
> Issue Type: Improvement
> Reporter: Bernt M. Johnsen
>
> When dealing with users and properties, it is possible to create inaccessible
> or unmanageable databases. This happens only (I think) when
> derby.database.propertiesOnly is set to true.
> Checks should be implemented to avoid that. Examples:
> The user should not be allowed to set both derby.database.propertiesOnly and
> derby.connection.requireAuthentication on database level without having
> defined any users on the database level. A database with both these
> properties set and no users will be inaccessible.
> The user should not be allowed to set derby.database.propertiesOnly,
> derby.connection.requireAuthentication and derby.database.sqlAuthorization
> without the current user (which will be the database owner) defined on the
> database level. A database with these settings may not be managed (properties
> may not be changed, users may not be created or deleted).
> Note that it's much easier to create these situations with GUI interfaces
> (e.g. JConsole and JMX) than with the tedious editing of property calls and
> sql system routines that we currently offer.
--
This message is automatically generated by JIRA.
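
The two checks proposed in the issue description, with the external-provider exception from the comment, written as a pre-flight validation over a map of database-level properties. This is an added example, not Derby's code or part of the original message: the class and method names are hypothetical, the sample properties are constructed, and it assumes that an unset `derby.authentication.provider` or the value `BUILTIN` means users come from `derby.user.*` properties.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class DerbyLockoutCheck {
    private static boolean isTrue(Map<String, String> p, String key) {
        return "true".equalsIgnoreCase(p.getOrDefault(key, "").trim());
    }

    // Simplification: user names are compared case-insensitively (no delimited identifiers).
    private static boolean hasUser(Map<String, String> p, String name) {
        String wanted = "derby.user." + name.toLowerCase(Locale.ROOT);
        return p.keySet().stream().anyMatch(k -> k.toLowerCase(Locale.ROOT).equals(wanted));
    }

    /** Returns the lockout risks that the given database-level properties would create. */
    public static List<String> findRisks(Map<String, String> dbProps, String currentUser) {
        List<String> risks = new ArrayList<>();
        // The issue reports the problem only with propertiesOnly plus requireAuthentication.
        if (!isTrue(dbProps, "derby.database.propertiesOnly")
                || !isTrue(dbProps, "derby.connection.requireAuthentication")) {
            return risks;
        }
        // Assumption: anything other than BUILTIN is an external provider (LDAP or a class
        // name), where the needed users can still be defined after the fact.
        String provider = dbProps.getOrDefault("derby.authentication.provider", "BUILTIN").trim();
        if (!provider.equalsIgnoreCase("BUILTIN")) {
            return risks;
        }
        boolean anyUser = dbProps.keySet().stream()
                .anyMatch(k -> k.toLowerCase(Locale.ROOT).startsWith("derby.user."));
        if (!anyUser) {
            risks.add("inaccessible: authentication required, no database-level users");
        }
        if (isTrue(dbProps, "derby.database.sqlAuthorization") && !hasUser(dbProps, currentUser)) {
            risks.add("unmanageable: owner " + currentUser + " not defined at database level");
        }
        return risks;
    }

    public static void main(String[] args) {
        // Constructed sample: all three properties set, one user who is not the owner.
        Map<String, String> props = Map.of(
                "derby.database.propertiesOnly", "true",
                "derby.connection.requireAuthentication", "true",
                "derby.database.sqlAuthorization", "true",
                "derby.user.alice", "constructed-password");
        findRisks(props, "APP").forEach(System.out::println);
    }
}
```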