[ https://issues.apache.org/jira/browse/DERBY-3585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Zaun updated DERBY-3585:
-------------------------------

    Attachment: releaseNote.html

> I found with some experimenting that it also worked to use the user/password 
> constructor for start. e.g.
>
>    NetworkServerControl nscauth = new NetworkServerControl(user, password);
>    nscauth.start();
>    ...
>    nscauth.shutdown();
>
> Is that an acceptable workaround?

Definitely, and I meant this to be covered by list item #2. But since this is a 
major use case, I made it explicit and updated the releaseNote.html.

Hope this makes it clearer.

> Are there plans for the future to add authentication checks to start? 

That makes sense to me, though it would introduce a few more (minor) usage 
incompatibilities.

In any case, we should address the asymmetry of requiring user credentials to 
shut down a server but not to start one.

While we could relax the credentials requirement for shutdown, it appears 
easiest to me to have but one rule: when running with user authentication, 
users need to provide credentials to be able to do any server administration 
action.

Note that there is another post-10.4 brainstorming item on how to reconcile 
the certificate-based authentication scheme (JMX) with user/password 
requirements (dual or single logins).


> Document user authentication support for network server shutdown
> ----------------------------------------------------------------
>
>                 Key: DERBY-3585
>                 URL: https://issues.apache.org/jira/browse/DERBY-3585
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Documentation
>            Reporter: Martin Zaun
>            Assignee: Martin Zaun
>             Fix For: 10.4.0.0
>
>         Attachments: releaseNote.html, releaseNote.html
>
>
> As part of the System Privileges work in DERBY-2109, the support of user 
> authentication for network server shutdown was discussed, implemented, and 
> committed (revision 632502).
> In order to address a security issue (missing user authentication for 
> shutdown), this feature introduces a few incompatibilities with the usage of 
> NetworkServerControl, which need to be documented.
> This JIRA is to provide for the user documentation and the release notes 
> describing the usage changes and incompatibilities.

-- 
This message is automatically generated by JIRA.