This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 105356

Summary: Allow users to start Derby Network Server with authentication enabled
Product: db Reporter: David Vancouvering <davidvc>
Component: DerbyAssignee: Libor Fischmeistr <lfischmeistr>
Status: NEW ---    
Severity: blocker    
Priority: P3    
Version: 6.x   
Hardware: All   
OS: All   
URL: http://wiki.netbeans.org/wiki/view/JavaDBAuthenticationEnabledFunctionalSpec
Issue Type: ENHANCEMENT Exception Reporter:

Description David Vancouvering 2007-06-01 04:38:51 UTC 
Currently we start the Derby Network Server using the default configuration. 
The default configuration for Derby 10.1 is to use no authentication.

That means I can start the server using any user or password and successfully
connect.  This is kind of nice, but it does leave the system vulnerable.  The
risk is minor because the server only accepts connections from the local host. 
But it still offers the opportunity for misuse.

This request is to investigate and possibly implement a change where we enable
authentication by default.

I will write a short spec describing what this would look like and link it to
this issue.
Comment 1 David Vancouvering 2007-06-01 17:44:36 UTC 
The URL has the beginnings of a spec.  I'm putting this on hold for now...
Comment 2 Jiri Rechtacek 2009-10-16 14:07:30 UTC 
Reassigned to new owner.