This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 105356 - Allow users to start Derby Network Server with authentication enabled
Summary: Allow users to start Derby Network Server with authentication enabled
Status: NEW
Alias: None
Product: db
Classification: Unclassified
Component: Derby (show other bugs)
Version: 6.x
Hardware: All All
: P3 blocker (vote)
Assignee: Libor Fischmeistr
Depends on:
Reported: 2007-06-01 04:38 UTC by David Vancouvering
Modified: 2013-08-01 12:53 UTC (History)
0 users

See Also:
Exception Reporter:


Note You need to log in before you can comment on or make changes to this bug.
Description David Vancouvering 2007-06-01 04:38:51 UTC
Currently we start the Derby Network Server using the default configuration. 
The default configuration for Derby 10.1 is to use no authentication.

That means I can start the server using any user or password and successfully
connect.  This is kind of nice, but it does leave the system vulnerable.  The
risk is minor because the server only accepts connections from the local host. 
But it still offers the opportunity for misuse.

This request is to investigate and possibly implement a change where we enable
authentication by default.

I will write a short spec describing what this would look like and link it to
this issue.
Comment 1 David Vancouvering 2007-06-01 17:44:36 UTC
The URL has the beginnings of a spec.  I'm putting this on hold for now...
Comment 2 Jiri Rechtacek 2009-10-16 14:07:30 UTC
Reassigned to new owner.