db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: Grant and Revoke, Part I ... DERBY-464...
Date Wed, 11 Jan 2006 15:34:11 GMT
Satheesh Bandaram wrote:

> Daniel John Debrunner wrote:
> 
> 
>>I wonder if we should look at grant/revoke augmenting the existing
>>authorization model instead of replacing it.

> Why would we want to augment the new authorization model with the old
> one? Is there something that old model provides that new model doesn't
> have?

Yes, the ability to deny a user access to the database and the ability
to make a user's connection read-only. Your current grant/revoke work is
really an extension to the current authorization; it does not replace
the existing functionality.

Note that the property controlling the existing authorization is
'defaultConnectionMode'; supporting grant/revoke is not a *connection*
mode, it is a state of the database.

> I think mixing both will lead to confusion for users, many already
> familiar with the ANSI subset model being proposed. This will also
> create hurdles as we expand the authorization scheme to support roles and
> "system privileges" as Francois calls them and other security capabilities.

I'm more proposing this to deal with existing Derby applications and
finding an easy way to bring them into the new world of grant/revoke.
Users familiar with the ANSI subset model would just use that, no need
to get involved with the defaultConnectionMode. Though until roles and
system privileges are supported, they might need to to ensure a secure
system. I haven't seen any proposal on these roles or system privileges
so I'm looking at how secure Derby will be in its next release given
what has been proposed and is being worked on. If we have a release
about 6 months from the last one, it will be around March. I think
someone was going to set up a wiki page with what "10.3" would include,
though that hasn't happened yet.

Dan.

