db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Pendleton <bpendle...@amberpoint.com>
Subject Re: Running tests both with and without sqlAuthorization=true
Date Fri, 03 Nov 2006 18:01:34 GMT
> I would recommend trying to determine what 
> value running the test in a different environment has. If the same test 
> cases work and pass in both modes then probably no additional testing 
> resulted due to the run in SQL authorization mode.

I'm not sure I agree with that totally; I think I would say that no
additional problems were found, but additional code paths still may
have been executed. I suppose I could do some coverage analysis to try
to determine this one way or the other.

I do understand that running entire test suites both with and without
sqlAuthorization mode is not the most efficient or focused way to build
regression test suites for the different security paths through the code,
and runs the risk of piling a bunch of additional test suites on for not
much additional value, which I think is the broader point you were making.

ALTER TABLE is perhaps a special case: the GRANT/REVOKE work added a number
of new system catalogs, and the ALTER TABLE variants do a lot of processing
against the system catalogs. So I may be over-perceiving the exposure to
different paths through the code caused by sqlAuthorization mode due to my
recent involvement with various ALTER TABLE algorithms.



View raw message