[
https://issues.apache.org/jira/browse/DERBY-2736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dag H. Wanvik updated DERBY-2736:
---------------------------------
Component/s: Services
> Connecting with an invalid user identifier performs authentication before
> rejecting the connection.
> ---------------------------------------------------------------------------------------------------
>
> Key: DERBY-2736
> URL: https://issues.apache.org/jira/browse/DERBY-2736
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1,
> 10.2.1.6, 10.2.2.0, 10.3.1.4
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> Ideally no authentication attempt should be made because the user identifier
> is invalid.
> E.g. with this URL
> jdbc:derby:db1;user=123
> the connection attempt will correctly fail but only after the authentication
> mechanism is called.
> If the application has installed its own UserAuthenticator class then that
> class will be called with an invalid identifier.
> I believe that the connection request should fail before calling any
> authentication, developers should only be required
> to handle valid identifiers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
