db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2206) Provide complete security model for Java routines
Date Thu, 01 Feb 2007 20:16:06 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12469570 ]

Daniel John Debrunner commented on DERBY-2206:

> I'm afraid I don't see the need for maintaining two independent ways to manage java routine

but I think you are proposing two different security mechanisms.

I think you are proposing that if I have a jar file then I can control USAGE on it with GRANT/REVOKE
but also USAGE can be given to others without my knowledge by the dbo granting the right to
set the derby.database.classpath property.

I'm saying that if I have a jar file then I control USAGE on it purely with GRANT/REVOKE.

Seems to me the former is more confusing. All I'm proposing is an extension of the existing
GRANT USAGE behaviour, namely USAGE on the jar must be granted to PUBLIC in order to use the
jar in the public derby.database.classpath.

I also think that security needs to be designed by what is possible for any user to do, not
just what is recommended.
While it's a clever technique to allow per-property setting to be granted to individuals,
it is possible and thus must be taken into account by security related changes. In addition,
the very concept of definer invoked routines is designed for this type of restricted access,
so I can't see it as a "sneaky way to subvert security". And at some point Derby will support
such routines, so designing with those in mind I would say is a good approach.

> Provide complete security model for Java routines
> -------------------------------------------------
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for user-created
> objects such as Functions and Procedures. In the future this may include Aggregates and Function
> Tables also. The issues are summarized on the following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This is a master
> JIRA to which subtasks can be linked.
