[
https://issues.apache.org/jira/browse/DERBY-3681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dag H. Wanvik resolved DERBY-3681.
----------------------------------
Resolution: Fixed
Derby Info: (was: [Patch Available])
Thanks, Knut. Committed patch derby-3681-2 as svn 659543, resolving.
> When authenticating a user at connect time, verify that the user provided is
> not also a defined role name.
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3681
> URL: https://issues.apache.org/jira/browse/DERBY-3681
> Project: Derby
> Issue Type: Sub-task
> Components: Security
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3681-1.diff, derby-3681-1.stat, derby-3681-2.diff,
> derby-3681-2.stat
>
>
> Although we try to avoid creating role that are not also valid Derby users
> (see DERBY-3673), we cannot
> in general know for sure that no such user exists; it could be added to
> derby.properties after
> the role has been created, authentication could be LDAP or user-defined, in
> which cases
> the check at role creation time will not work. So, in order to avoid
> collisions between user identifiers and role identifiers, we shoudl check at
> connect time that there is no role by same name as the supplied user name.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
