db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: plugging more security holes in Derby
Date Tue, 28 Nov 2006 00:31:15 GMT
Rick Hillegas wrote:

> Missing privileges specific to a particular database:
> 
> - Shutdown that Database
> - Encrypt that database
> - Upgrade database

I assume that when in SQL authorization mode these three should, by 
default, be limited to the database owner. I guess today with 10.2 there 
is no such limitation in place. If that restriction was enforced, would 
there be any demand for the ability to grant the permission to other users?

> - Create (in that Database) Java Plugins (currently Functions/Procedures, but someday
Aggregates and VTIs) 

Can you explain what this means, what security issue are you trying to 
address?

Dan.



Mime
View raw message