On 10/17/11 5:56 AM, Paul Nichols wrote:
> The documentation is still (in 10.8) glossed with warnings against
> production use of the BUILTIN authentication mechanism. Can anyone tell me
> what is wrong with it? The only reference to any problems I can find is
> CVE-2009-4269 (DERBY-4483), which was fixed in 10.6.1.0, so is there any
> reason to not use it now?
> Thanks,
> Paul.

Hi Paul,
Over time this mechanism is becoming more secure. The mechanism has some
usability problems:
1) It is hard to figure out all the knobs you have to turn to make this
feature as secure as possible. At a minimum, the dbo must do the
following and then store all of the credentials in the database:

    call syscs_util.syscs_set_database_property(
        'derby.database.propertiesOnly', 'true' );
    call syscs_util.syscs_set_database_property(
        'derby.connection.requireAuthentication', 'true' );
    call syscs_util.syscs_set_database_property(
        'derby.authentication.provider', 'BUILTIN' );
    call syscs_util.syscs_set_database_property(
        'derby.database.sqlAuthorization', 'true' );

2) Derby does not supply an API by which users can administer their own
passwords. You can get around this by writing your own public procedures
which are owned by the dbo and declared with definer's rights.
Thanks,
-Rick
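
The workaround in point 2, sketched as an added example (not code from this thread or from the Derby project). The schema APP_SEC, the procedure name and the class PasswordProcs are hypothetical, and it assumes the dbo stored each credential under the key derby.user.<name> with <name> spelled exactly as SESSION_USER returns it.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/*
 * Registered by the dbo (hypothetical names), with derby.database.sqlAuthorization on:
 *
 *   CREATE PROCEDURE APP_SEC.CHANGE_MY_PASSWORD(IN NEW_PASSWORD VARCHAR(128))
 *     LANGUAGE JAVA PARAMETER STYLE JAVA MODIFIES SQL DATA
 *     EXTERNAL SECURITY DEFINER
 *     EXTERNAL NAME 'PasswordProcs.changeMyPassword';
 *   GRANT EXECUTE ON PROCEDURE APP_SEC.CHANGE_MY_PASSWORD TO PUBLIC;
 */
public class PasswordProcs {
    public static void changeMyPassword(String newPassword) throws SQLException {
        // Setting a database property to NULL deletes it, which would remove
        // the caller's account entry, so refuse null and empty values.
        if (newPassword == null || newPassword.isEmpty()) {
            throw new SQLException("new password must not be empty");
        }
        // Nested connection of the calling statement; runs with the definer's rights.
        Connection conn = DriverManager.getConnection("jdbc:default:connection");

        // The user name is never a parameter: it is taken from the session.
        // SESSION_USER is used because, inside a definer's-rights routine,
        // CURRENT_USER reports the routine's owner instead of the caller.
        String caller;
        try (Statement s = conn.createStatement();
             ResultSet rs = s.executeQuery("VALUES SESSION_USER")) {
            rs.next();
            caller = rs.getString(1);
        }
        // Assumption: the credential key matches SESSION_USER's spelling.
        try (CallableStatement cs = conn.prepareCall(
                "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, "derby.user." + caller);
            cs.setString(2, newPassword);
            cs.execute();
        }
    }
}
```

Because only EXECUTE on this one procedure is granted to PUBLIC, ordinary users can replace their own password without holding any privilege on SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY itself.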