db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yip Ng (JIRA)" <derby-...@db.apache.org>
Subject [jira] Created: (DERBY-1708) Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
Date Wed, 16 Aug 2006 22:18:15 GMT
Unprivileged user can perform lock table statement on a table which he/she does not have any
access rights
----------------------------------------------------------------------------------------------------------

                 Key: DERBY-1708
                 URL: http://issues.apache.org/jira/browse/DERBY-1708
             Project: Derby
          Issue Type: Bug
    Affects Versions: 10.2.0.0
         Environment: Sun JDK 1.4.2
            Reporter: Yip Ng


An unprivileged user was able to lock a table for which he/she does not own.  e.g.:

ij version 10.2
ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij> create table t1 (i int);
0 rows inserted/updated/deleted
ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij(USER2)> autocommit off;
ij(USER2)> lock table user1.t1 in exclusive mode;
0 rows inserted/updated/deleted

sysinfo:
------------------ Java Information ------------------
Java Version:    1.4.2_12
Java Vendor:     Sun Microsystems Inc.
Java home:       C:\Program Files\Java\j2re1.4.2_12
Java classpath:  derby.jar;derbytools.jar;.
OS name:         Windows XP
OS architecture: x86
OS version:      5.1
Java user name:  Yip
Java user home:  C:\Documents and Settings\Yip
Java user dir:   C:\work3\derby\tests\derby-10.2.1.0\lib
java.specification.name: Java Platform API Specification
java.specification.version: 1.4
--------- Derby Information --------
JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
[C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
[C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
)
------------------------------------------------------
----------------- Locale Information -----------------
Current Locale :  [English/United States [en_US]]
Found support for locale: [de_DE]
         version: 10.2.1.0 - (430903)
Found support for locale: [es]
         version: 10.2.1.0 - (430903)
Found support for locale: [fr]
         version: 10.2.1.0 - (430903)
Found support for locale: [it]
         version: 10.2.1.0 - (430903)
Found support for locale: [ja_JP]
         version: 10.2.1.0 - (430903)
Found support for locale: [ko_KR]
         version: 10.2.1.0 - (430903)
Found support for locale: [pt_BR]
         version: 10.2.1.0 - (430903)
Found support for locale: [zh_CN]
         version: 10.2.1.0 - (430903)
Found support for locale: [zh_TW]
         version: 10.2.1.0 - (430903)
------------------------------------------------------

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message