db-derby-dev mailing list archives

From Dyre.Tjeldv...@Sun.COM
Subject Re: Question about grant/revoke
Date Tue, 24 Apr 2007 16:52:29 GMT
Mamta Satoor <msatoor@gmail.com> writes:

> Dyre, I don't remember now if we discussed the 2 possible implementation
> choices ie to invalidate prepared statements by making them depend on
> privileges needed vs just catch privilege revocation at prepared statement
> execute time. I wonder if there is anything in the Derby dev list archive
> about this.

Again, thanks for taking the time to look at this. I'll scan the
archives and see what I can find.

> It seems, though, that privilege revocation does get caught at execute
> time with the current implementation.

Yes, but it happens inside fillResultSet(). Currently that method gets
called on every execution, but we are (DERBY-827) trying to make it
happen only on the first execution.

> Does that approach not work in some circumstances and is that why we
> are discussing that approach?

It works just fine. I've tested modifying the call to
generateAuthorizeCheck() so that it adds its code to execute(), rather
than fillResultSet(), and this makes the test pass (and I haven't
noticed any negative side effects).

However, Dan wrote earlier in this thread (Tue, 03 Apr 2007 07:07:40
-0700):

"I think that the checking authorization once is the desired behaviour,
not every execution, for performance reasons. The statements should be
invalidated when a revoke is executed."

So that's why I'm looking at this...

-- 
dt
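
The trade-off discussed in this thread, as an added example that is not part of the original message and is not Derby code: a simplified model in which authorization runs only when a statement is compiled, run once without and once with invalidation on revoke. All class, method and field names are hypothetical.

```java
import java.util.*;

// Simplified model, not Derby code: every name here is hypothetical.
public class RevokeInvalidationDemo {
    // Privileges currently granted, keyed as "user:table".
    static final Set<String> grants = new HashSet<>();
    // Compiled statements registered as dependents of each privilege.
    static final Map<String, List<Stmt>> dependents = new HashMap<>();

    static class Stmt {
        final String user, table;
        final boolean dependsOnPrivilege; // register for invalidation on revoke?
        boolean valid = false;            // true once compiled and authorized
        Stmt(String u, String t, boolean d) { user = u; table = t; dependsOnPrivilege = d; }

        // Authorization runs only on (re)compilation, not on every execution.
        String execute() {
            if (!valid) {
                String key = user + ":" + table;
                if (!grants.contains(key)) throw new SecurityException("no SELECT on " + table);
                if (dependsOnPrivilege)
                    dependents.computeIfAbsent(key, k -> new ArrayList<>()).add(this);
                valid = true;
            }
            return "rows from " + table;
        }
    }

    static void grant(String user, String table) { grants.add(user + ":" + table); }

    // Revoke removes the privilege and invalidates every dependent statement.
    static void revoke(String user, String table) {
        String key = user + ":" + table;
        grants.remove(key);
        List<Stmt> deps = dependents.remove(key);
        if (deps != null) for (Stmt s : deps) s.valid = false;
    }

    public static void main(String[] args) {
        for (boolean depends : new boolean[] { false, true }) {
            grant("alice", "T1");
            Stmt ps = new Stmt("alice", "T1", depends);
            ps.execute();                 // first execution: check passes
            revoke("alice", "T1");
            try {
                ps.execute();             // second execution, after the revoke
                System.out.println("depends=" + depends + ": executed after revoke (stale check)");
            } catch (SecurityException e) {
                System.out.println("depends=" + depends + ": rejected after revoke");
            }
        }
    }
}
```

With `depends=false` the second execution still succeeds after the revoke, which is the gap that opens if the check moves to first execution only; with `depends=true` the revoke forces a recompile and the check fails.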

