[
https://issues.apache.org/jira/browse/DERBY-3271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551020
]
John H. Embretsen commented on DERBY-3271:
------------------------------------------
I created a new issue, DERBY-3272, could this be what you are seeing?
Details:
If the password, when stored as a database property, is also defined on the
command line, the password will be stored in cleartext in the database (a bug).
Then, on the next connection when the supplied password is compared against the
password in the database, Derby creates a hash from the supplied password and
compares it to what's in the database. Obviously, if the database stores
cleartext, the values won't match.
> Using BUILTIN authentication, I can't log in as database creator after
> storing credentials in the database.
> -----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3271
> URL: https://issues.apache.org/jira/browse/DERBY-3271
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.3.1.4
> Reporter: Rick Hillegas
> Attachments: Derby3271Repro.java
>
>
> Using builtin authentication I am able to create a database and store
> credentials for 2 users: the original database creator and a second user.
> After that, I am able to reconnect as the second user but not as the original
> database creator. My test case follows.
> ------------------------------
> Here is my command for running ij with authentication turned on:
> java \
> -cp $CLASSPATH \
> -Dderby.stream.error.logSeverityLevel=0 \
> \
> -Dderby.connection.requireAuthentication=true \
> -Dderby.authentication.provider=BUILTIN \
> -Dderby.user.builtindba=dummypassword \
> \
> org.apache.derby.tools.ij myscript.sql
> Here is the first run of my script. This creates the database and stores
> credentials for 2 users, including the connected user:
> ij version 10.4
> ij> --
> -- First try to connect as builtindba.
> --
> connect
> 'jdbc:derby:derby_builtin;create=true;user=builtindba;password=dummypassword';
> ij> --
> -- If I can't connect as builtindba, try connecting as fred.
> --
> connect 'jdbc:derby:derby_builtin;create=true;user=fred;password=wilma';
> ERROR 08004: Connection authentication failure occurred. Reason: Invalid
> authentication..
> ij> --
> -- Store passwords in the database where they will be encrypted.
> --
> call syscs_util.syscs_set_database_property( 'derby.user.builtindba',
> 'dummypassword' );
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_set_database_property( 'derby.user.fred', 'wilma' );
> 0 rows inserted/updated/deleted
> ij> values current_user;
> 1
>
> --------------------------------------------------------------------------------------------------------------------------------
> BUILTINDBA
>
> 1 row selected
> Here is the second run of my script. This fails to connect as the original
> user but succeeds as the other user:
> ij version 10.4
> ij> --
> -- First try to connect as builtindba.
> --
> connect
> 'jdbc:derby:derby_builtin;create=true;user=builtindba;password=dummypassword';
> ERROR 08004: Connection authentication failure occurred. Reason: Invalid
> authentication..
> ij> --
> -- If I can't connect as builtindba, try connecting as fred.
> --
> connect 'jdbc:derby:derby_builtin;create=true;user=fred;password=wilma';
> WARNING 01J01: Database 'derby_builtin' not created, connection made to
> existing database instead.
> ij> --
> -- Store passwords in the database where they will be encrypted.
> --
> call syscs_util.syscs_set_database_property( 'derby.user.builtindba',
> 'dummypassword' );
> 0 rows inserted/updated/deleted
> ij> call syscs_util.syscs_set_database_property( 'derby.user.fred', 'wilma' );
> 0 rows inserted/updated/deleted
> ij> values current_user;
> 1
>
> --------------------------------------------------------------------------------------------------------------------------------
> FRED
>
> 1 row selected
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
