db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lance J. Andersen" <Lance.Ander...@Sun.COM>
Subject Re: [jira] Commented: (DERBY-2109) System privileges
Date Thu, 14 Dec 2006 20:01:09 GMT
I agree with David on this that policy files are painful.

David Van Couvering wrote:
>
>
> Rick Hillegas (JIRA) wrote:
>>
>> 2) Unfamiliar api. Oracle, DB2, Postgres, and MySQL all handle system 
>> privileges in different ways. Picking one of these models would still 
>> result in an api that's unfamiliar to many people. That said, these 
>> databases do tend to use GRANT/REVOKE for system privileges, albeit 
>> each in its own peculiar fashion. I agree that GRANT/REVOKE is an 
>> easier model to learn than Java Security. I think however, that the 
>> complexity of Java Security is borne by the derby-dev developer, not 
>> by the customer. Creating a policy file is very easy and our user 
>> documentation gives simple examples which the naive user can just 
>> crib. With adequate user documentation, I think this approach would 
>> be straightforward for the customer.
>
> I must respectfully disagree that "creating a policy file is very 
> easy."  I think it's a royal PITA - the syntax is complex, 
> nonintuitive and unforgiving.
>
> Can we provide a GRANT/REVOKE interface on top of an implementation 
> that  uses JAAS?
>

Mime
View raw message