Geronimo doesnt protect access to its Derby databases
-----------------------------------------------------
Key: GERONIMO-4878
URL: https://issues.apache.org/jira/browse/GERONIMO-4878
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.1.4
Reporter: Radim Kolar
run ij tool which comes with eclipse derby plugin and connect to geronimo.
ij> connect 'jdbc:derby://localhost/SystemDatabase';
ij> show tables;
TABLE_SCHEM |TABLE_NAME |REMARKS
------------------------------------------------------------------------
SYS |SYSALIASES |
SYS |SYSCHECKS |
SYS |SYSCOLPERMS |
SYS |SYSCOLUMNS |
SYS |SYSCONGLOMERATES |
SYS |SYSCONSTRAINTS |
SYS |SYSDEPENDS |
SYS |SYSFILES |
SYS |SYSFOREIGNKEYS |
SYS |SYSKEYS |
SYS |SYSROUTINEPERMS |
SYS |SYSSCHEMAS |
SYS |SYSSTATEMENTS |
SYS |SYSSTATISTICS |
SYS |SYSTABLEPERMS |
SYS |SYSTABLES |
SYS |SYSTRIGGERS |
SYS |SYSVIEWS |
SYSIBM |SYSDUMMY1 |
APP |ACTIVEMQ_ACKS |
APP |ACTIVEMQ_LOCK |
APP |ACTIVEMQ_MSGS |
APP |TIMERTASKS |
23 rows selected
ij>
no security restrictions are in place. Same for activemq message broker.
Network listeners should be password protected.
It would be great to have ability in administration console where we can assign
security realm protection to particular derby database(s) or queues.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
