[
https://issues.apache.org/jira/browse/DERBY-3585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Zaun updated DERBY-3585:
-------------------------------
Attachment: releaseNote.html
Attached a new Release Note version with added clarifications:
- "Any client could shut down the server by calling NetworkServerControl with a
shutdown command-line argument or by invoking the shutdown() method (provided
the shutdown was initiated on the host running the server)."
- "Note that additionally checking for a user's shutdown authorization has not
been provided yet."
- "The previous behavior represented a security issue, because any client could
shut down a
network server running with user authentication from the same host without
needing to provide user credentials."
Hope this makes it clearer. Further comments welcome (especially from native
speakers).
> Document user authentication support for network server shutdown
> ----------------------------------------------------------------
>
> Key: DERBY-3585
> URL: https://issues.apache.org/jira/browse/DERBY-3585
> Project: Derby
> Issue Type: Sub-task
> Components: Documentation
> Reporter: Martin Zaun
> Assignee: Martin Zaun
> Fix For: 10.4.0.0
>
> Attachments: releaseNote.html, releaseNote.html, releaseNote.html
>
>
> As part of the System Privileges work in DERBY-2109, the support of user
> authentication for network server shutdown was discussed, implemented, and
> committed (revision 632502).
> In order to address a security issue (missing user authentication for
> shutdown), this feature introduces a few incompatibilities with the usage of
> NetworkServerControl, which need to be documented.
> This JIRA is to provide for the user documentation and the release notes
> describing the usage changes and incompatibilities.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
