Daniel John Debrunner wrote:
Rick Hillegas wrote:
Daniel John Debrunner wrote:
Rick Hillegas (JIRA) wrote:
[
https://issues.apache.org/jira/browse/DERBY-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12565836#action_12565836
]
Rick Hillegas commented on DERBY-1387:
--------------------------------------
I believe the reason that I was not able to connect at the end of
my experiment was this: the server was actually brought down.
Again, without presenting credentials, this seems like the wrong
behavior to me.
Isn't that Derby's behaviour at the moment, shutting the network
server down does not enforce authentication? Security enforcement
should not be the role of the JMX mbeans.
Dan.
Right. I think there are at least two authentication issues here. One
is the current behavior of the network server (the bug which will be
addressed by Martin's work on DERBY-2109). The other issue is the
fact that the current DERBY-1387 patch lets you get your hands on the
server and system MBeans without presenting credentials. It's that
latter issue which I'm talking about here.
What would be the issue with getting access to those mbeans without
authentication? Just trying to understand the concern.
Dan.
As currently implemented, via JConsole these MBeans allow anyone with a
valid account on the server machine to view and change settings which
only the System Administrator can view and change today. That seems like
a security hole to me.
Regards,
-Rick
