db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2206) Provide complete security model for Java routines
Date Mon, 22 Jan 2007 16:11:30 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466493

Rick Hillegas commented on DERBY-2206:

I think that making this simpler is fine. I'm happy with one pseudo-jar which wraps everything
loaded by the system, extensions, and bootstrap classloaders. As a nit, I'd sand down the
name to something shorter. Maybe SYS.ENV.

I would be comfortable with this usage:

1) SYS.ENV is never mentioned in the jar-specific classpaths set by SQLJ.ALTER_JAVA_PATH.
Instead, everything in SYS.ENV can be referenced, implicitly, by user code.

2) The only purpose of SYS.ENV is to qualify EXTERNAL NAMEs when declaring procedures and

3) SYS.ENV starts out with USAGE granted to the database owner. Initially, only the database
owner can publish entry points in SYS.ENV.

> Provide complete security model for Java routines
> -------------------------------------------------
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>             Fix For:
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for user-created
objects such as Functions and Procedures. In the future this may include Aggregates and Function
Tables also. The issues are summarized on the following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
Plugin management can be tracked by this JIRA rather than by DERBY-2109. This is a master
JIRA to which subtasks can be linked.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message