This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Currently we start the Derby Network Server using the default configuration. The default configuration for Derby 10.1 is to use no authentication. That means I can start the server using any user or password and successfully connect. This is kind of nice, but it does leave the system vulnerable. The risk is minor because the server only accepts connections from the local host. But it still offers the opportunity for misuse. This request is to investigate and possibly implement a change where we enable authentication by default. I will write a short spec describing what this would look like and link it to this issue.
The URL has the beginnings of a spec. I'm putting this on hold for now...
Reassigned to new owner.