Daniel John Debrunner wrote:
Rick Hillegas wrote:
[snip]
DERBY-2109 reduces our exposure to denial-of-service (and possible
theft and corruption) attacks
What are the possible theft and corruption attacks?
Hi Dan,
These may come into play when we allow anyone to create a database and
thereby become a DBO. I think we have made progress in shielding Derby
from theft and corruption attacks by DBOs. Probably there is more work
to be done here.
Regards,
-Rick
[snip]
1) If the customer has written their own security policy file (the
usual and recommended situation), then the customer will need to add
some extra permissions to that policy file.
2) In order to bring down the server using NetworkServerControl, the
customer will need to supply username/password credentials.
> I regard (2) as the fix to some serious bugs.
It might be useful to think about these as two separate issues; it's
really an implementation detail that DERBY-2109 addresses both of them.
Item 2) does fix a bug (has it been reported as a Jira issue?) where
unauthenticated users can shut down a network server and database engine.
So Item 2) could be fixed without system authorization (DERBY-2109)
changes, thus the justification for introducing 2) as a backwards
compatibility issue might be different to introducing 1).
Dan.