Rick Hillegas wrote:
Hi Mike,
Some comments inline...
On 9/19/11 10:38 AM, Mike Matrigali wrote:
I am not sure how it applies to all of these points, but I am
wondering if secure by default should be implemented on a per database
basis rather than a system level basis? It seems weird that security
could change based on how the next embedded startup set a flag.
I think that it should behave like derby.database.sqlAuthorization: once
it's been turned on it is stored in the database and you can't turn it
off at the system level. I agree that it would be weird to let the next
user subvert the security of your database by flipping a command line
switch.
I am trying to understand what happens when we change the default and a
user upgrades to 11 and starts up on their existing database that has no
authentication or authorization enabled. What is the proposed soft
upgrade behavior? What is the proposed hard upgrade behavior?
This is a development detail but what is proposed for the existing derby
set of tests, which I have to assume are about 99% not authenticated or
authorized? Would we implement a way to run them both ways? Convert
them all or most to run under new default?