db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@debrunners.com>
Subject Re: [jira] Commented: (DERBY-464) Enhance Derby by adding grant/revoke support. Grant/Revoke provide finner level of privileges than currently provided by Derby that is especially useful in network configurations.
Date Thu, 27 Oct 2005 01:00:05 GMT
Francois Orsini (JIRA) wrote:

>     [ http://issues.apache.org/jira/browse/DERBY-464?page=comments#action_12356032 ]

> 
> Francois Orsini commented on DERBY-464:
> ---------------------------------------
> 
> The way I implememted users in Cloudscape originally was done in a "Cloudscape running
Embedded" mindset rather than anything else - in a similar way we what ww have done for permissions
via properties - defining users is one thing, authenticating them via various schemes in another
- For instance today, users defined at the System level, not database one, do not have their
password encrypted for the built-in authentication scheme. I agree that users can be defined
outside of Derby but we can't assume all organizations have an LDAP server out there - in
fact, a lot if not most of them still don't have one.
> 
> What I have in mind for Derby defined users is the following:
> 
> - Users should be defined at the System level and added to databases as required (Grant
access to a database)

That, to my mind would be a bad step. Currently Derby databases are
independent of any system, they are self contained. Thus they can be
copied anywhere and continue to work. Adding a dependency on a system
database just seems wrong.

I've often thought that one mistake made in the early days was to have
the concept of a system, the single derby.properties, derby.log file, or
reading system properties.


Dan.



Mime
View raw message