[
https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12564832#action_12564832
]
djd edited comment on DERBY-1387 at 2/1/08 9:33 AM:
----------------------------------------------------------------------
Can authenticateAsUser(String user, String password) in the database bean be
explained more fully?
Is there a single database bean for a database, or is a new one created for
each JMX session or connection (not sure of correct term here)?
If there is a single bean for a database, then this authenticateAsUser seems to
open up a big security hole: once this operation is made, any other valid JMX
user can reconfigure the database, even if they don't have valid database
permissions.
Or can the authentication information be limited to a single JMX session, even
with a single bean?
Also, why is authenticateAsUser limited to the BUILTIN authentication scheme?
Since it is just providing user/password to a connection request, won't it be
independent of the authentication scheme in effect?
was (Author: djd):
Can authenticateAsUser(String user, String password) in the database bean
be explained more fully?
Is there a single database bean for a database, or is a new one created for
each JMX session or connection (not sure of correct term here)?
If there is a single bean for a database, then this authenticateAsUser seems to
open up a big security hole: once this operation is made, any other valid JMX
user can reconfigure the database, even if they don't have valid database
permissions.
Or can the authentication information be limited to a single JMX session, even
with a single bean?
Also, why is authenticateAsUser limited to the BUILTIN authentication scheme?
Since it is just providing user/password to a connection request, won't it be
independent of the authorization scheme in effect?
> Add JMX extensions to Derby
> ---------------------------
>
> Key: DERBY-1387
> URL: https://issues.apache.org/jira/browse/DERBY-1387
> Project: Derby
> Issue Type: New Feature
> Components: Services
> Reporter: Sanket Sharma
> Assignee: John H. Embretsen
> Attachments: DERBY-1387-1.diff, DERBY-1387-1.stat, DERBY-1387-2.diff,
> DERBY-1387-2.stat, DERBY-1387-3.diff, DERBY-1387-3.stat, DERBY-1387-4.diff,
> DERBY-1387-4.stat, DERBY-1387-5.diff, DERBY-1387-5.stat, DERBY-1387-6.zip,
> DERBY-1387-7.zip, DERBY-1387-8.zip, DERBY-1387-9.diff, DERBY-1387-9.stat,
> derbyjmx.patch, jmx.diff, jmx.stat, jmxFuncspec.html, jmxFuncspec.html,
> Requirements for JMX Updated.html, Requirements for JMX.html, Requirements
> for JMX.zip
>
>
> This is a draft requirement specification for adding monitoring and
> management extensions to Apache Derby using JMX. The requirements document
> has been uploaded on JIRA as well as the Derby Wiki page at
> http://wiki.apache.org/db-derby/_Requirement_Specifications_for_Monitoring_%26_Management_Extensions_using_JMX
> Developers and Users are requested to please look at the document (feature
> list in particular) and add their own rating to features by adding a column
> to the table.
> Comments are welcome.