[ http://issues.apache.org/jira/browse/DERBY-560?page=comments#action_12323060 ]
Daniel John Debrunner commented on DERBY-560: --------------------------------------------- For create databases I think Derby should at least match the shutdown system behaviour. For shutdown (jdbc:derby:;shutdown=true' the connection request must pass system authentication (if enabled). Logically create database should follow the same authentication check. > Provide finer grained security for connection attributes in Derby > ----------------------------------------------------------------- > > Key: DERBY-560 > URL: http://issues.apache.org/jira/browse/DERBY-560 > Project: Derby > Type: Improvement > Components: JDBC > Versions: 10.2.0.0 > Reporter: Kathey Marsden > > Currently if authentication is enabled in Derby, anyone who has access to a > database can connect with any attributes. This makes sense as that is > currently the only barrier to access to a Derby database. > With talk of adding GRANT/REVOKE to provide finer grained access, > consideration should be given to also providing finer grained access to > connection attributes, especially for Network Server. Giving any user that > can access the system permission to shutdown and create databases at will > could be an issue. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
