On 6/22/07, Knut Anders Hatlen <[EMAIL PROTECTED]> wrote:
David Van Couvering <[EMAIL PROTECTED]> writes: > I think "invalid authentication" is incorrect, because actually it > should be "this user is not authorized to shut down the database." > The authentication went fine, it's just they aren't authorized. There > is security and there is being completely misleading. The poor user > will scratch their heads, like Martin did, wondering what on earth is > wrong with their user and password, especially when they can log in to > do other things. Since the problem here is that the shutdown command in NetworkServerControl does not pick up the user name or the password, I think "invalid authentication" is correct. It tries to shut down the database using the default user and no password when derby.connection.requireAuthentication is true, hence it is not authenticated (whereas the default user may or may not be authorized to shut down the database).
Correct.
On 6/21/07, Francois Orsini <[EMAIL PROTECTED]> wrote: >> >> >> On 6/21/07, Knut Anders Hatlen <[EMAIL PROTECTED]> wrote: >> > Martin Zaun <[EMAIL PROTECTED]> writes: >> > > - For better diagnostics, should the "Invalid authentication" message >> > > tell the user name being used for authentication? >> >> We could have - this has been there for ages - I think it was done >> originally for extra security ;-) One does not say anything about what went >> wrong with the credentials, one just fails to authenticate and the requester >> should know what to do to fix it (no guidance as far as what went wrong - >> other databases also do this - I remember having looked at other RDBMS but >> it was long ago). I don't think adding the user name to the error message would reduce the security. Sure, "User 'APP' does not exist" or "Invalid password for user 'APP'" would be problematic, as they would reveal whether or not a user existed. However, a message like "Invalid authentication for user 'APP'" would be OK since it doesn't say what went wrong, and it would be more useful since Martin (or any other user) would immediately see that the supplied user name had not been picked up.
Fair enough for the server (NetworkServerControl) - Yes, in this context it is hard to find out which user has failed to authenticate. +1 --
Knut Anders
