[ https://issues.apache.org/jira/browse/GERONIMO-4878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12755485#action_12755485 ]
Donald Woods commented on GERONIMO-4878: ---------------------------------------- Duplicate of https://issues.apache.org/jira/browse/GERONIMO-4296 > Geronimo doesnt protect access to its Derby databases > ----------------------------------------------------- > > Key: GERONIMO-4878 > URL: https://issues.apache.org/jira/browse/GERONIMO-4878 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security > Affects Versions: 2.1.4 > Reporter: Radim Kolar > > run ij tool which comes with eclipse derby plugin and connect to geronimo. > ij> connect 'jdbc:derby://localhost/SystemDatabase'; > ij> show tables; > TABLE_SCHEM |TABLE_NAME |REMARKS > ------------------------------------------------------------------------ > SYS |SYSALIASES | > SYS |SYSCHECKS | > SYS |SYSCOLPERMS | > SYS |SYSCOLUMNS | > SYS |SYSCONGLOMERATES | > SYS |SYSCONSTRAINTS | > SYS |SYSDEPENDS | > SYS |SYSFILES | > SYS |SYSFOREIGNKEYS | > SYS |SYSKEYS | > SYS |SYSROUTINEPERMS | > SYS |SYSSCHEMAS | > SYS |SYSSTATEMENTS | > SYS |SYSSTATISTICS | > SYS |SYSTABLEPERMS | > SYS |SYSTABLES | > SYS |SYSTRIGGERS | > SYS |SYSVIEWS | > SYSIBM |SYSDUMMY1 | > APP |ACTIVEMQ_ACKS | > APP |ACTIVEMQ_LOCK | > APP |ACTIVEMQ_MSGS | > APP |TIMERTASKS | > 23 rows selected > ij> > no security restrictions are in place. Same for activemq message broker. > Network listeners should be password protected. > It would be great to have ability in administration console where we can > assign security realm protection to particular derby database(s) or queues. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.