db-derby-dev mailing list archives

From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject plugging more security holes in Derby
Date Fri, 17 Nov 2006 17:45:20 GMT
The 10.2 GRANT/REVOKE work was a big step forward in making Derby more 
secure in a client/server configuration. I'd like to plug some more 
security holes in 10.3. In particular, I'd like to focus on 
authorization issues which the ANSI spec doesn't address. I would 
appreciate feedback from the community: what do you think are the most 
important outstanding security issues?

Here are the important issues which occur to me. I'm not sure that 
GRANT/REVOKE will end up being the right way to plug these holes. Maybe 
for some issues, maybe not for others. At this point I just want to 
survey what's missing:

Missing privileges that are above the level of a single database:

- Create Database
- Shutdown System

Missing privileges specific to a particular database:

- Connect to that Database
- Shutdown that Database
- Create (in that Database) Java Plugins (currently 
Functions/Procedures, but someday Aggregates and VTIs)

What other issues do you think we should list?

(Note that 10.2 gave us GRANT/REVOKE control over the following 
database-specific issues, via granting execute privilege to system 
procedures:

- Jar Handling
- Backup Routines
- Admin Routines
- Import/Export
- Property Handling
- Check Table)

I would appreciate the community's advice.

Thanks,
-Rick
