[
https://issues.apache.org/jira/browse/DERBY-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12599285#action_12599285
]
Knut Anders Hatlen commented on DERBY-3681:
-------------------------------------------
The changes in derby-3681-2 look good. Thanks Dag! +1 to commit.
> When authenticating a user at connect time, verify that the user provided is
> not also a defined role name.
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3681
> URL: https://issues.apache.org/jira/browse/DERBY-3681
> Project: Derby
> Issue Type: Sub-task
> Components: Security
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3681-1.diff, derby-3681-1.stat, derby-3681-2.diff,
> derby-3681-2.stat
>
>
> Although we try to avoid creating role that are not also valid Derby users
> (see DERBY-3673), we cannot
> in general know for sure that no such user exists; it could be added to
> derby.properties after
> the role has been created, authentication could be LDAP or user-defined, in
> which cases
> the check at role creation time will not work. So, in order to avoid
> collisions between user identifiers and role identifiers, we shoudl check at
> connect time that there is no role by same name as the supplied user name.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
