[
https://issues.apache.org/jira/browse/DERBY-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12568971#action_12568971
]
Daniel John Debrunner commented on DERBY-3014:
----------------------------------------------
I'm not sure that returning a value for a defined user is a good idea. This
means the method now indicates if a user name is valid or not which is more
information for an attacker. Now this function is under the control of the
database owner so maybe it's ok, but it's a very generic function, so at least
the documentation for it should indicate that allowing others to run this
exposes sensitive security information.
If it returned NULL than an additional function to determine is a user is valid
in the BUILTIN scheme could be added. With that it would be more obvious to the
database owner the danger of granting execute permission to others.
There may also be other ways to detemine valid users, but those might get
closed in future releases, so with this change it's a good chance to get it
right now.
> Make SYSCS_UTIL.SYSCS_GET_DATABASE_PROPERTY('derby.user.<username>') return
> NULL instead of the hash value of the password
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3014
> URL: https://issues.apache.org/jira/browse/DERBY-3014
> Project: Derby
> Issue Type: Improvement
> Components: Security
> Reporter: Daniel John Debrunner
> Assignee: R VIDYA LAKSHMI
> Attachments: DERBY-3014.diff
>
>
> Increases security by providing less information to any attacker. The current
> returned hash value could be used in an off-line dictionary based attack to
> find a valid password.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
