Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 51444 invoked from network); 8 Jun 2007 02:07:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 Jun 2007 02:07:48 -0000 Received: (qmail 60480 invoked by uid 500); 8 Jun 2007 02:07:51 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 60445 invoked by uid 500); 8 Jun 2007 02:07:51 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 60436 invoked by uid 99); 8 Jun 2007 02:07:51 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jun 2007 19:07:51 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jun 2007 19:07:47 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 99C6F71420D for ; Thu, 7 Jun 2007 19:07:26 -0700 (PDT) Message-ID: <26605076.1181268446627.JavaMail.jira@brutus> Date: Thu, 7 Jun 2007 19:07:26 -0700 (PDT) From: "Dag H. Wanvik (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-2109) System privileges In-Reply-To: <5831879.1164211141923.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12502606 ] Dag H. Wanvik commented on DERBY-2109: -------------------------------------- I saw some Javadoc warnings, e.g. [javadoc] /export/home/tmp/derby/sb/sb1/java/engine/org/apache/derby/security/DatabasePermission.java:54: warning - Tag @see: missing '#': "DatabasePermission(String,String)" etc. > System privileges > ----------------- > > Key: DERBY-2109 > URL: https://issues.apache.org/jira/browse/DERBY-2109 > Project: Derby > Issue Type: New Feature > Components: Security > Affects Versions: 10.3.0.0 > Reporter: Rick Hillegas > Assignee: Martin Zaun > Attachments: DERBY-2109-02.diff, DERBY-2109-02.stat, systemPrivs.html, systemPrivs.html, systemPrivs.html, systemPrivs.html > > > Add mechanisms for controlling system-level privileges in Derby. See the related email discussion at http://article.gmane.org/gmane.comp.apache.db.derby.devel/33151. > The 10.2 GRANT/REVOKE work was a big step forward in making Derby more secure in a client/server configuration. I'd like to plug more client/server security holes in 10.3. In particular, I'd like to focus on authorization issues which the ANSI spec doesn't address. > Here are the important issues which came out of the email discussion. > Missing privileges that are above the level of a single database: > - Create Database > - Shutdown all databases > - Shutdown System > Missing privileges specific to a particular database: > - Shutdown that Database > - Encrypt that database > - Upgrade database > - Create (in that Database) Java Plugins (currently Functions/Procedures, but someday Aggregates and VTIs) > Note that 10.2 gave us GRANT/REVOKE control over the following database-specific issues, via granting execute privilege to system procedures: > Jar Handling > Backup Routines > Admin Routines > Import/Export > Property Handling > Check Table > In addition, since 10.0, the privilege of connecting to a database has been controlled by two properties (derby.database.fullAccessUsers and derby.database.defaultConnectionMode) as described in the security section of the Developer's Guide (see http://db.apache.org/derby/docs/10.2/devguide/cdevcsecure865818.html). -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.