[
https://issues.apache.org/jira/browse/GERONIMO-4878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radim Kolar resolved GERONIMO-4878.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.1.7
> Geronimo doesnt protect access to its Derby databases
> -----------------------------------------------------
>
> Key: GERONIMO-4878
> URL: https://issues.apache.org/jira/browse/GERONIMO-4878
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.1.4
> Reporter: Radim Kolar
> Fix For: 2.1.7
>
>
> run ij tool which comes with eclipse derby plugin and connect to geronimo.
> ij> connect 'jdbc:derby://localhost/SystemDatabase';
> ij> show tables;
> TABLE_SCHEM |TABLE_NAME |REMARKS
> ------------------------------------------------------------------------
> SYS |SYSALIASES |
> SYS |SYSCHECKS |
> SYS |SYSCOLPERMS |
> SYS |SYSCOLUMNS |
> SYS |SYSCONGLOMERATES |
> SYS |SYSCONSTRAINTS |
> SYS |SYSDEPENDS |
> SYS |SYSFILES |
> SYS |SYSFOREIGNKEYS |
> SYS |SYSKEYS |
> SYS |SYSROUTINEPERMS |
> SYS |SYSSCHEMAS |
> SYS |SYSSTATEMENTS |
> SYS |SYSSTATISTICS |
> SYS |SYSTABLEPERMS |
> SYS |SYSTABLES |
> SYS |SYSTRIGGERS |
> SYS |SYSVIEWS |
> SYSIBM |SYSDUMMY1 |
> APP |ACTIVEMQ_ACKS |
> APP |ACTIVEMQ_LOCK |
> APP |ACTIVEMQ_MSGS |
> APP |TIMERTASKS |
> 23 rows selected
> ij>
> no security restrictions are in place. Same for activemq message broker.
> Network listeners should be password protected.
> It would be great to have ability in administration console where we can
> assign security realm protection to particular derby database(s) or queues.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
