db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: 10.3 Concern: Need to make DBO restrictions [Derby-2264] optional at upgrade
Date Tue, 29 May 2007 20:27:55 GMT
Daniel John Debrunner wrote:
> Dag H. Wanvik wrote:
>> Hi,
>>
>> Stanley Bradbury <Stan.Bradbury@gmail.com> writes:
>>
>>> I feel strongly that the restrictions implemented by DERBY-2264 must
>>> be tied to sqlAuthorization (or a new property of it's own) being
>>> turned on.  The restrictions need to be optional at upgrade otherwise
>>
>> I understand your concerns. I addressed the upgrade issue several
>> times in the discussion of this issue, but felt the community
>> preferred the semantics which are currently implemented, landing on
>> the side of a sensible secure-by-default behavior. Options:
>
> Was there any discussion outside of comments in DERBY-2264? I looked 
> in the archives but couldn't see any between 2007/02/13 and 
> 2007/02/20. I picked that date range because on 02/20 you said in 
> DERBY-2264
>
>  "Right, it seems both Dan and Rick are less concerned than me about the
> compatibility here issue, so I rest my case. "
>
> That was the first comment since 02/13, however, I don't see how my 
> single comment in DERBY-2264 could lead you to that conclusion, I 
> thought it's was just factual about authentication states. I'm sure 
> there must have been a discussion elsewhere, but I can't find it at 
> the moment.
>
> Dan.
>
>
>
I don't see any other discussion beyond what appears in DERBY-2264. I 
like Dag's original proposal that we should restrict DBO powers only if 
both authentication and authorization are enabled. I don't like the idea 
of adding another security knob for this.

Regards,
-Rick

Mime
View raw message