db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: [jira] Commented: (DERBY-2437) SYSCS_EXPORT_TABLE can be used to overwrite derby files
Date Mon, 09 Jul 2007 19:32:16 GMT
Mike Matrigali wrote:
>
>
> Rick Hillegas (JIRA) wrote:
>>     [ 
>> https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511221

>> ]
>> Rick Hillegas commented on DERBY-2437:
>> --------------------------------------
>>
>> I am trying to wrap my  mind around how much incremental exposure is 
>> introduced by the ability to import/export LOBs. In a properly 
>> secured system, this power would be limited to the database owner. 
>> Currently, the database owner enjoys godlike powers, including the 
>> ability to read and change everyone's passwords. If I were a DBA bent 
>> on increasing my salary, I don't think I would use import/export to 
>> do this. The following seems like a much more straightforward approach:
>>
> This is what I have been looking for.  What does a properly secured 
> system do to prevent import/export?  I have been looking around in the
> documentation but not quite sure where to look.  Is this a 
> grant/revoke thing?
Hi Mike,

Yes, import/export privileges are controlled by GRANTing/REVOKEing 
EXECUTE privilege on the import/export system procedures. By default, 
only the database owner has that privilege. Like you, I am puzzled about 
where we document this. I glanced at the user guides quickly but 
couldn't figure it out.

Regards,
-Rick

Mime
View raw message