db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2264) Restrict shutdown, upgrade, and encryption powers to the database owner
Date Tue, 13 Mar 2007 13:59:09 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12480398
] 

Rick Hillegas commented on DERBY-2264:
--------------------------------------

Thanks for the patch, Dag. This looks like solid incremental improvement. As your comments
indicate, this patch introduces a new race condition: We will kill another user's connection
if it sneaks in between the authenticating boot and the encrypting boot. I think this is a
small edge case. It can be addressed later on if we decide that it's a problem. I believe
that there are other, existing  boot-time edge cases having to do with encryption and upgrade.
Before patching this isolated, new case, I think we should analyze the other edge cases and
see if we can come up with a model that makes sense.

A couple comments on the patch to EmbedConnection itself:

1) A variable called "didWait" is initialized but I can't see where it's used later on.

2) I think that the error messages are not internationalized. It looks as though English strings
are being hardcoded and will end up being inserted in text that is localized to other languages--the
resulting composite text will be an odd pidgin. I can suggest 2 possible solutions to this
problem:

  a) Create separate error messages for the separate error states.

  b) Continue to have one error message but expand its text so that it describes all of the
error states and gives the user enough information to figure out which one applies.

Thanks, again.

> Restrict shutdown, upgrade, and encryption powers to the database owner
> -----------------------------------------------------------------------
>
>                 Key: DERBY-2264
>                 URL: https://issues.apache.org/jira/browse/DERBY-2264
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>         Assigned To: Dag H. Wanvik
>         Attachments: dbaPowers.html, dbaPowers.html, DERBY-2264-1.diff, DERBY-2264-1.stat,
DERBY-2264-2.diff, DERBY-2264-2.stat, DERBY-2264-3.diff, DERBY-2264-3.stat, DERBY-2264-4.diff,
DERBY-2264-4.stat, encrypt-1b.sql, encrypt-2.sql, encrypt-3.sql
>
>
> This JIRA separates out the database-owner powers from the system privileges in the master
security JIRA DERBY-2109. Restrict the following powers to the database owner for the moment:
shutdown, upgrade, and encryption.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message