db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject Re: Can't upgrade from 10.1 to 10.3
Date Mon, 04 Jun 2007 17:38:20 GMT
Stanley Bradbury <Stan.Bradbury@gmail.com> writes:

> Am I missing something?  Has anyone successfully done the following
> upgrade?: I am not able to perform a hard upgrade from 10.1 to 10.3
> [am setting the ...PreReleaseUpgrade=true and using  10.3.0.0 alpha - 
> (543348)].  When I attempt to hard upgrade a 10.1 DB that requires
> authentication and has three valid users none of the logons are
> allowed to upgrade.  The error is:
> ij version 10.3
> ij> connect 'jdbc:derby:tstDB;upgrade=true;user=stan;password=xyzzy1';
> ERROR 08004: User 'STAN' cannot hard upgrade database 'tstDB'. Only
> the database owner can perform this operation.

This is because the database was created with an other effective user,
which then became the database owner. If authentication was not
enabled at the time of creation and no specific user given, the owner
would be "APP". The docs changes for DERBY-2264 warm against this
"gotcha".  A work-around is to make "APP" a valid user, if it is not
already one.

With the new semantics for 2264 (patch 8) tying the enforcement to SQL
authorization, users will hopefully know the database owner, so this
"trap" is less likely.

> If  I execute the connect command  a second time in the same IJ
> session I am allowed in but with a Soft Upgrade (even though the URL
> specifies ;upgrade=true).

This is because the first connect leaves the database in a booted
state, so the second connect ignores the upgrade attribute (existing
weakness: lack of checking for superfluous attributes). I remember
discussing whether we should shut down the database after booting and
failing authentication, but I think Dan suggested it would leave us
vulnerable to DoS.. 

See DERBY-2407 and DERBY-2409 and
http://www.nabble.com/no-protection-of-db-boot---intended--t3293929.html

Dag

Mime
View raw message