db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2264) Restrict shutdown, upgrade, and encryption powers to the database owner
Date Tue, 06 Feb 2007 04:29:05 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12470445
] 

Daniel John Debrunner commented on DERBY-2264:
----------------------------------------------

Dag> "What I argue in my previous post is that it does not make sense to forbid shutting
down the database if you already can delete all its data, which is the case for 7 for fullAccess
users."

Without any checks in 3),7) then read-only users would also be able to shut the system down
(as they can today) even though they do not have the ability to delete all the data.

I think it's somewhat dangerous in security analysis to equate permissions which are really
independent of each other. For example one can have the permission to delete rows from a table
but not to drop it, they are treated as separate even though they could be seen to have a
similar effect.

I think you also cannot assume that a user authenticated by a database is a valid user in
the system authentication. Thus I don't think you can drop the checking for 4) since the user
may not be able to shut the system down.


> Restrict shutdown, upgrade, and encryption powers to the database owner
> -----------------------------------------------------------------------
>
>                 Key: DERBY-2264
>                 URL: https://issues.apache.org/jira/browse/DERBY-2264
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>         Attachments: dbaPowers.html, dbaPowers.html
>
>
> This JIRA separates out the database-owner powers from the system privileges in the master
security JIRA DERBY-2109. Restrict the following powers to the database owner for the moment:
shutdown, upgrade, and encryption.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message