[
https://issues.apache.org/jira/browse/DERBY-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dag H. Wanvik updated DERBY-3681:
---------------------------------
Attachment: derby-3681-2.stat
derby-3681-2.diff
derby-3681-2 addresses Knuts comments for RoleTest.
Regressions ran OK for version 1 of the patch, and I tested RolesTest over
again,
so if there are no further comments it should be ready for commit.
> When authenticating a user at connect time, verify that the user provided is
> not also a defined role name.
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3681
> URL: https://issues.apache.org/jira/browse/DERBY-3681
> Project: Derby
> Issue Type: Sub-task
> Components: Security
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3681-1.diff, derby-3681-1.stat, derby-3681-2.diff,
> derby-3681-2.stat
>
>
> Although we try to avoid creating role that are not also valid Derby users
> (see DERBY-3673), we cannot
> in general know for sure that no such user exists; it could be added to
> derby.properties after
> the role has been created, authentication could be LDAP or user-defined, in
> which cases
> the check at role creation time will not work. So, in order to avoid
> collisions between user identifiers and role identifiers, we shoudl check at
> connect time that there is no role by same name as the supplied user name.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
