Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm
Precedence: bulk
Reply-To: <derby-dev@db.apache.org>
Message-ID: <29694056.1156148175409.JavaMail.jira@brutus>
Date: Mon, 21 Aug 2006 01:16:15 -0700 (PDT)
From: "Yip Ng (JIRA)" <derby-dev@db.apache.org>
To: derby-dev@db.apache.org
Subject: [jira] Commented: (DERBY-1708) Unprivileged user can perform lock
 table statement on a table which he/she does not have any access rights
In-Reply-To: <33153275.1155766695607.JavaMail.jira@brutus>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

    [ http://issues.apache.org/jira/browse/DERBY-1708?page=comments#action_12429358 ] 
            
Yip Ng commented on DERBY-1708:
-------------------------------

derbyall passes, no new regression introduced with this patch.

> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-1708
>                 URL: http://issues.apache.org/jira/browse/DERBY-1708
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.2.1.0
>         Environment: Sun JDK 1.4.2
>            Reporter: Yip Ng
>         Assigned To: Yip Ng
>         Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own.  e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version:    1.4.2_12
> Java Vendor:     Sun Microsystems Inc.
> Java home:       C:\Program Files\Java\j2re1.4.2_12
> Java classpath:  derby.jar;derbytools.jar;.
> OS name:         Windows XP
> OS architecture: x86
> OS version:      5.1
> Java user name:  Yip
> Java user home:  C:\Documents and Settings\Yip
> Java user dir:   C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale :  [English/United States [en_US]]
> Found support for locale: [de_DE]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [es]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [it]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
>          version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
>          version: 10.2.1.0 - (430903)
> ------------------------------------------------------

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira