Connecting with an invalid user identifier performs authentication before
rejecting the connection.
---------------------------------------------------------------------------------------------------
Key: DERBY-2736
URL: https://issues.apache.org/jira/browse/DERBY-2736
Project: Derby
Issue Type: Bug
Components: Security
Affects Versions: 10.2.2.0, 10.2.1.6, 10.1.3.1, 10.1.2.1, 10.1.1.0,
10.0.2.1, 10.0.2.0, 10.3.0.0
Reporter: Daniel John Debrunner
Priority: Minor
Ideally no authentication attempt should be made because the user identifier is
invalid.
E.g. with this URL
jdbc:derby:db1;user=123
the connection attempt will correctly fail but only after the authentication
mechanism is called.
If the application has installed its own UserAuthenticator class then that
class will be called with an invalid identifier.
I believe that the connection request should fail before calling any
authentication, developers should only be required
to handle valid identifiers.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
