Rick Hillegas wrote:
[snip]
> DERBY-2109 reduces our exposure to denial-of-service (and possible theft
> and corruption) attacks
What are the possible theft and corruption attacks?
[snip]
> 1) If the customer has written their own security policy file (the usual
> and recommended situation), then the customer will need to add some
> extra permissions to that policy file.
> 2) In order to bring down the server using NetworkServerControl, the
> customer will need to supply username/password credentials.
> I regard (2) as the fix to some serious bugs.
It might be useful to think about these as two separate issues; it's
really an implementation detail that DERBY-2109 addresses both of them.
Item 2) does fix a bug (has it been reported as a Jira issue?) where
unauthenticated users can shut down a network server and database engine.
So Item 2) could be fixed without system authorization (DERBY-2109)
changes, thus the justification for introducing 2) as a backwards
compatibility issue might be different to introducing 1).
Dan.