db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2206) Provide complete security model for Java routines
Date Mon, 22 Jan 2007 21:16:30 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466566 ]

Rick Hillegas commented on DERBY-2206:

At this point, we are talking about an API which diverges from the SQL standard in several

A) Jar ids, which are mandatory in SQL, are optional for us.

B) We have invented a pseudo-jar SYS.ENV, which does not appear in SQL.

C) We cannot preserve the derby.database.classpath search order without breaking the rules
for the jar-specific classpath set by SQLJ.ALTER_JAVA_PATH.

I have two misgivings:

1) I am worried that we will confuse both ourselves and our customers with an API which is
neither the SQL standard nor the old, familiar Cloudscape API.

2) I am worried that we have not stepped back and discussed the customer experience in terms
of upgrade expectations and default, out-of-the-box behavior.

Right now, I'd like to get some clarity on issue (2). Are we expecting any of the following:

i) That Derby will be secure-by-default? Or is routine-security something you have to explicitly
opt into?

ii) That users upgrading to 10.3 won't have to change their applications?

> Provide complete security model for Java routines
> -------------------------------------------------
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>             Fix For:
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for user-created
> objects such as Functions and Procedures. In the future this may include Aggregates and Function
> Tables also. The issues are summarized on the following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This is a master
> JIRA to which subtasks can be linked.
