[ 
https://issues.apache.org/jira/browse/DERBY-5636?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13238386#comment-13238386
 ] 

Rick Hillegas commented on DERBY-5636:
--------------------------------------

Hi Kim,

The changes so far look good. +1 to commit them.

I'm not sure about why we have the section titled "Notes on the Derby security 
features". Its purpose might be to alert users to vulnerabilities which Derby 
does not address and which the application is responsible for addressing. I 
don't know what "trolling for objects" means. The vulnerabilities I understand 
seem to boil down to these problems:

1) If someone gets physical access to your database (e.g., they are able to 
copy it onto their own disk), then they can subvert all other security 
mechanisms given enough time. Your best Derby defense against this exploit is 
to encrypt the data. However, if the encryption can be broken, then the data is 
vulnerable. I don't know what the application can do about this problem other 
than "try not to let this happen."

2) There are no authorization checks for system-wide operations. Anyone who can 
authenticate at the system level enjoys god-like powers to shut down the engine 
and restore databases. Your best Derby defense here is to limit the number of 
users who can authenticate at the system level. This is easy to do with NATIVE 
authentication: just put 1 superuser in the system-wide credentials db and 
store the database-specific users in their respective databases. You can do 
this with LDAP by using different LDAP servers for system-wide and 
database-specific authentication.

Thanks,
-Rick
                
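The NATIVE layout Rick describes above (one superuser in the system-wide credentials database, application users stored in their own databases), written out as an ij script. This is an added example, not code from this issue or from the Derby project. It assumes that derby.properties in derby.system.home contains derby.authentication.provider=NATIVE:sysCredDB:LOCAL; the database names sysCredDB and salesDB, the user names and the <password> placeholders are constructed for the example.

```sql
-- Added example, not from DERBY-5636 or the Derby code base.
-- Assumed system-wide setting in derby.properties (derby.system.home):
--   derby.authentication.provider=NATIVE:sysCredDB:LOCAL
-- sysCredDB, salesDB, sysadmin, alice, bob and <password> are constructed values.

-- 1. Create the system-wide credentials database. The user that creates it
--    becomes its DBO and the single entry in its SYS.SYSUSERS, i.e. the only
--    account that can authenticate at the system level (engine shutdown,
--    restore). Keep this table to that one account.
CONNECT 'jdbc:derby:sysCredDB;create=true;user=sysadmin;password=<password>';
SELECT USERNAME FROM SYS.SYSUSERS;   -- expect exactly one row, the sysadmin account
DISCONNECT;

-- 2. Create an application database. With the :LOCAL suffix the creator's
--    credentials are stored in the new database, which gets its own
--    SYS.SYSUSERS; later logins to salesDB are checked there, not in sysCredDB.
CONNECT 'jdbc:derby:salesDB;create=true;user=sysadmin;password=<password>';

-- 3. Add the database-specific users here, so they never appear in sysCredDB
--    and therefore cannot authenticate at the system level.
CALL SYSCS_UTIL.SYSCS_CREATE_USER('alice', '<password>');
CALL SYSCS_UTIL.SYSCS_CREATE_USER('bob', '<password>');

-- 4. Turn on SQL authorization so these users get only what GRANT gives them
--    inside salesDB (the DBO keeps full control of this database).
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.sqlAuthorization', 'true');

-- 5. Check the split: the application users are local to salesDB ...
SELECT USERNAME FROM SYS.SYSUSERS;   -- the DBO plus alice and bob, nothing else
DISCONNECT;

-- ... alice can open salesDB ...
CONNECT 'jdbc:derby:salesDB;user=alice;password=<password>';
DISCONNECT;

-- ... but not the credentials database, which has no entry for her, so she
-- never gains the system-level powers (shutdown, restore) Rick warns about.
CONNECT 'jdbc:derby:sysCredDB;user=alice;password=<password>';   -- rejected: invalid authentication
```

Because ij is an interactive tool, the rejected CONNECT in the last step is the check worth watching: if it succeeds, the application user has ended up in the system-wide credentials database and the layout has not achieved the separation the comment recommends.
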
> Improve the overview of Derby's security mechanisms
> ---------------------------------------------------
>
>                 Key: DERBY-5636
>                 URL: https://issues.apache.org/jira/browse/DERBY-5636
>             Project: Derby
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Assignee: Kim Haase
>         Attachments: DERBY-5636.diff, DERBY-5636.stat, DERBY-5636.zip
>
>
> The documentation on Derby's security mechanisms is scattered across several 
> manuals. This makes it hard for developers to figure out which security 
> mechanisms are relevant for a given application. Here are 3 places where 
> security documentation appears:
> 1) In the Developer's Guide section titled "Derby and security"
> 2) In the Admin Guide section titled "Derby Network Server advanced topics"
> 3) In the Reference Manual section titled "Derby properties" as well as the 
> syntax sections on GRANT, REVOKE, CREATE/DROP ROLE, and CREATE 
> FUNCTION/PROCEDURE.
> It would be good to add a section which points the developer at all of this 
> material. It might be sufficient to rewrite the top level "Derby and 
> security" page of the Developer's Guide. The following white paper may help 
> organize our thoughts about this: 
> http://www.oracle.com/technetwork/java/javadb/securitywhitepaper10-159253.pdf
