Daniel John Debrunner wrote:
Rick Hillegas wrote:
2) In order to bring down the server using NetworkServerControl, the
customer will need to supply username/password credentials.
> I regard (2) as the fix to some serious bugs.
It might be useful to think about these as two separate issues, it's
really an implementation detail that DERBY-2109 addresses both of them.
Item 2) does fix a bug (has it been reported as a Jira issue?) where
unauthenticated users can shutdown a network server and database engine.
So Item 2) could be fixed without system authorization (DERBY-2109)
changes, thus the justification for introducing 2) as a backwards
compatibility issue might be different to introducing 1).
Looking at this more it seems that item 2) only partially fixes the bug.
If the server has system authentication but no security manager then
from a reading of the spec and the initial e-mail in this thread then
the bug remains. We may want to consider closing this security hole
regardless of if there is a security manager. This then of course would
change the backwards compatibility statement a little.
Dan.
