[ https://issues.apache.org/jira/browse/DERBY-5648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13227599#comment-13227599 ]

Rick Hillegas commented on DERBY-5648:
--------------------------------------

Thanks for logging this issue, Knut. Here are some options for clarifying this
error situation:

1) The error message could contain the name of the database whose credentials
are expiring. If the warning is raised because credentials are expiring for a
system-wide operation (like engine shutdown), then the name of the system-wide
credentials db will be revealed. I don't know if that is a problem but I
suppose someone might consider that to be a security risk.

2) We could use different error text depending on whether the credentials are
expiring in a system-wide credentials db or in the local db. Something like:

"Your password will expire in 0 day(s). Please use the
SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password in the
system-wide credentials database."

vs.

"Your password will expire in 0 day(s). Please use the
SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password in this
database."

Thanks,
-Rick

> Unclear password expiry warning when using separate credentials db
> ------------------------------------------------------------------
>
> Key: DERBY-5648
> URL: https://issues.apache.org/jira/browse/DERBY-5648
> Project: Derby
> Issue Type: Improvement
> Components: Services
> Affects Versions: 10.9.0.0
> Reporter: Knut Anders Hatlen
> Priority: Minor
>
> If you log on to a database (other than the credentials db) and your password
> is about to expire, you'll be advised to change your password using the
> SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure. However, the warning message does
> not say you need to log on to the credentials db to change your password.
> This may lead the user to modify the password in the current database instead
> of the credentials database, thinking everything is well.
> ij(CONNECTION1)> connect 'jdbc:derby:otherdb;user=test;password=abc';
> WARNING 01J15: Your password will expire in 0 day(s). Please use the
> SYSCS_UTIL.SYSCS_MODIFY_PASSWORD procedure to change your password.
> ij(CONNECTION2)> CALL SYSCS_UTIL.SYSCS_MODIFY_PASSWORD('new-password');
> 0 rows inserted/updated/deleted
> ij(CONNECTION2)> connect 'jdbc:derby:otherdb;user=test;password=new-password';
> ERROR 08004: Connection authentication failure occurred. Reason: Invalid
> authentication..
> Even though SYSCS_MODIFY_PASSWORD succeeds, the password has not been updated
> in the credentials db.