[jira] Created: (DERBY-1823) Derby Developer's Guide - Issues w/ User authentication and authorization extended examples section/paragraph

Wed, 06 Sep 2006 18:16:57 -0700 

Derby Developer's Guide -  Issues w/ User authentication and authorization 
extended examples section/paragraph
--------------------------------------------------------------------------------------------------------------

                 Key: DERBY-1823
                 URL: http://issues.apache.org/jira/browse/DERBY-1823
             Project: Derby
          Issue Type: Bug
          Components: Documentation
    Affects Versions: 10.1.1.0
            Reporter: Francois Orsini
            Priority: Minor


There is a couple of issues with the paragraph/section  "User authentication 
and authorization extended examples" in the developer's guide
http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure26537.html

1) The methods turnOnBuiltInUsers() & turnOffBuiltInUsers() do NOT shutdown and 
reboot the database for which the 'derby.connection.requireAuthentication' 
authentication database property is being set - as this last one is a derby 
static property, it will not be taken into account until the database is 
rebooted (or the whole derby engine instance). Hence, the 2 checks for 
"Confirming requireAuthentication" is misleading as the property value is 
changed _but_ the actual database authentication enabling/disabling has not 
changed since it was last booted. Database needs to be shutdown and rebooted 
after 'derby.connection.requireAuthentication' is set and then some negative 
testing of invalid user connection needs to be added to show that only valid 
users can connect (in the case, authentication is being enabled).

2) Paragraph (extended examples section) also needs to be moved at the same 
level as the 2 above such as:
  "User authentication example in a single-user, embedded environment"
  http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure125.html
  "User authentication example in a client/server environment"
  http://db.apache.org/derby/docs/10.2/devguide/rdevcsecure13713.html

since the extended examples (once fixed - see 1)) can be applied in both a 
client-server and embedded environments context.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to