db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ståle Deraas <Staale.Der...@Sun.COM>
Subject Re: 10.3 Concern: Need to make DBO restrictions [Derby-2264] optional at upgrade
Date Wed, 30 May 2007 06:23:05 GMT
Rick Hillegas wrote:
> Daniel John Debrunner wrote:
>> Dag H. Wanvik wrote:
>>> Hi,
>>>
>>> Stanley Bradbury <Stan.Bradbury@gmail.com> writes:
>>>
>>>> I feel strongly that the restrictions implemented by DERBY-2264 must
>>>> be tied to sqlAuthorization (or a new property of it's own) being
>>>> turned on.  The restrictions need to be optional at upgrade otherwise
>>>
>>> I understand your concerns. I addressed the upgrade issue several
>>> times in the discussion of this issue, but felt the community
>>> preferred the semantics which are currently implemented, landing on
>>> the side of a sensible secure-by-default behavior. Options:
>>
>> Was there any discussion outside of comments in DERBY-2264? I looked 
>> in the archives but couldn't see any between 2007/02/13 and 
>> 2007/02/20. I picked that date range because on 02/20 you said in 
>> DERBY-2264
>>
>>  "Right, it seems both Dan and Rick are less concerned than me about the
>> compatibility here issue, so I rest my case. "
>>
>> That was the first comment since 02/13, however, I don't see how my 
>> single comment in DERBY-2264 could lead you to that conclusion, I 
>> thought it's was just factual about authentication states. I'm sure 
>> there must have been a discussion elsewhere, but I can't find it at 
>> the moment.
>>
>> Dan.
>>
>>
>>
> I don't see any other discussion beyond what appears in DERBY-2264. I 
> like Dag's original proposal that we should restrict DBO powers only 
> if both authentication and authorization are enabled. I don't like the 
> idea of adding another security knob for this.
>

Maybe the thread "Q: Should Derby 10.3 be Derby 11?" raised by Bernt is 
what people are thinking of......

/Ståle

> Regards,
> -Rick


Mime
View raw message