db-derby-dev mailing list archives

From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Re: Grant and Revoke ... DERBY-464...
Date Wed, 26 Oct 2005 21:25:30 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks for the quick review and great comments... More below...<br>
<br>
Daniel John Debrunner wrote:<br>
<blockquote cite="mid435FDB5F.1090002@debrunners.com" type="cite">
  <pre wrap="">
The default is the opposite of the current behaviour, this probably
needs to be addressed in the upgrade section. Ie. after an existing
database is changed to sqlStandard, what is the setting of the
external-security-clause for existing routines?

Would using this clause cause an exception in the legacy mode?

  </pre>
</blockquote>
OK. I will think about this some more and add more details... It may be
best to leave the external-security-clause to INVOKER for existing
routines after a database is changed to sqlStandard mode...
Otherwise, their behavior could change by switching the mode.<br>
<blockquote cite="mid435FDB5F.1090002@debrunners.com" type="cite">
  <pre wrap=""></pre>
  <blockquote type="cite">
    <pre wrap=""> All the built in
functions and procedures have EXTERNAL SECURITY INVOKER. So, for
instance a user cannot call SYSCS_EXPORT_TABLE to see tables on which he
has no SELECT permission. 
    </pre>
  </blockquote>
  <pre wrap=""><!---->
Not sure that is true, or the required behaviour. It may be some of the
routines need to be EXTERNAL SECURITY DEFINED. Need to think about it
more, probably with an explicit list of all the builtin routines.
  </pre>
</blockquote>
I will make a list to see if any of them needs different mode. I
haven't thought of all of them, for sure. <span class="moz-smiley-s1"><span>
:-) </span></span><br>
<blockquote cite="mid435FDB5F.1090002@debrunners.com" type="cite">
  <pre wrap="">Rather than "All tables and views" I think you mean 'All database objects'.

  </pre>
  <blockquote type="cite">
    <pre wrap="">Until a GRANT statement is issued, only the table owner will have access
to a table.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
This matches a newly created database and populated database, correct?
I.e. there is nothing special about upgrade here.
  </pre>
</blockquote>
Right...<br>
<blockquote cite="mid435FDB5F.1090002@debrunners.com" type="cite">
  <pre wrap=""></pre>
  <blockquote type="cite">
    <pre wrap="">Security mode switching is performed using the
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY procedure. In a database
operating under the legacy security model any user with fullAccess can
call this procedure to switch the security mode to "sqlStandard". A
database may not be reverted from the standard security mode to a legacy
security mode.
    </pre>
  </blockquote>
  <pre wrap=""><!---->
The not reverting it may cause issues, especially if the default is
switched. Though I can see it is the preferred way.

I think you are also implicitly stating here that
derby.database.defaultConnectionMode becomes a property that can only be
set at the database level, ie. not as a system property or in
derby.properties. May need to think that through for existing applications.
  </pre>
</blockquote>
Good point. Needs more work here...<br>
<blockquote cite="mid435FDB5F.1090002@debrunners.com" type="cite">
  <pre wrap=""></pre>
  <blockquote type="cite">
    <pre wrap="">It may be good to switch the default connection mode to standard model
and hence support grant/revoke by default in future releases. A scheme
needs to be evolved to reduce any disruptions to existing users of Derby.
    </pre>
  </blockquote>
  <pre wrap=""><!---->

Agree that can be a separate project, though we may want to consider it
before 10.2, and if we do it then 10.2 becomes 11.0.
  </pre>
</blockquote>
Right... If we do want to make sqlStandard mode the default, it might
need a major version number change. Let us see how the implementation
progresses...<br>
<br>
Satheesh<br>
</body>
</html>

