db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Satheesh Bandaram <sathe...@Sourcery.Org>
Subject Re: Grant/Revoke subtask - EXTERNAL SECURITY DEFINER | EXTERNAL SECURITY INVOKER
Date Wed, 22 Feb 2006 18:34:22 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
Mamta Satoor wrote:
<blockquote
 cite="midd9619e4a0602220951n5d8d563ese19f9f05313483b7@mail.gmail.com"
 type="cite">
  <div>Satheesh, I was looking through the code last night and saw
following comment, about external security info flag, in
CreateAliasNode.init line 195</div>
  <div>&nbsp;&nbsp;&nbsp;&nbsp;// GrantRevoke TODO: Figure out how to
save external
security info. Putting this in<br>
&nbsp;&nbsp;&nbsp;&nbsp;// RoutineAliasInfo may not be the best long term
solution<br>
It seems like RoutineAliasInfo will be the logical&nbsp;place to keep this
external security information, similar to the way we keep other
information like called on null input,&nbsp;parameter count etc. Did you
have reservations about this approach because we want to move away from
using objects in the system tables (which in this case is AliasInfo in
SYSALIASES table)?</div>
</blockquote>
Here are some of my concerns about adding another field to
RoutineAliasInfo. <br>
<ol>
  <li>It would become harder to extract this info from RoutineAliasInfo
as it is a Java object for any metadata processing... like in dblook or
for other GUI tools. We would have to document how RoutineAliasInfo
gets generated as a character type and maintain that format in the
future.</li>
  <li>Have to support existing RoutineAliasInfo instances created in
existing databases. You would have to introduce a new RoutineAliasInfo
version or add a new mapping to another java object.</li>
</ol>
It may be cleaner to add a new column to sysaliases table, but it can
also be done as RoutineAliasInfo field.<br>
<br>
Satheesh<br>
<blockquote
 cite="midd9619e4a0602220951n5d8d563ese19f9f05313483b7@mail.gmail.com"
 type="cite">
  <div></div>
  <div>&nbsp;</div>
  <div>thanks,</div>
  <div>Mamta<br>
  <br>
&nbsp;</div>
  <div><span class="gmail_quote">On 2/21/06, <b
 class="gmail_sendername">Satheesh Bandaram</b> &lt;<a
 onclick="return top.js.OpenExtLink(window,event,this)"
 href="mailto:satheesh@sourcery.org" target="_blank">satheesh@sourcery.org
  </a>&gt; wrote:</span>
  <blockquote class="gmail_quote"
 style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left:
1ex;">Thanks
for picking this up. A sub-task under DERBY-464 sounds good.<br>
    <br>
Satheesh<br>
    <br>
Mamta Satoor wrote: <br>
    <br>
&gt; Hi,<br>
&gt;<br>
&gt; Satheesh has added the parser support for EXTERNAL SECURITY
DEFINER |<br>
&gt; EXTERNAL SECURITY INVOKER on a routine (function or procedure). eg<br>
&gt; from lang/grantRevoke.sql test<br>
&gt; CREATE PROCEDURE AUTH_TEST.addUserUtility(IN userName VARCHAR(50),
IN <br>
&gt; permission VARCHAR(22))<br>
&gt; LANGUAGE JAVA PARAMETER STYLE JAVA<br>
&gt; EXTERNAL SECURITY INVOKER<br>
&gt; EXTERNAL NAME 'org.apache.derby.database.UserUtility.add ';<br>
&gt;<br>
&gt; But this information about INVOKER vs DEFINER doesn't get stored
in <br>
&gt; any system table. I am looking into finishing up this subtask to
see<br>
&gt; what may be required during compile, execute and upgrade times for<br>
&gt; this subtask. Will send more information as I make more progress. <br>
&gt;<br>
&gt; thanks,<br>
&gt; Mamta<br>
&gt;<br>
&gt; ps Will it be useful to create a subtask of Derby-464 to keep
track of<br>
&gt; this work?<br>
    <br>
    <br>
  </blockquote>
  </div>
  <br>
</blockquote>
</body>
</html>


Mime
View raw message