db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-2893) INSERT and UPDATES succeed when permission has not been granted.
Date Tue, 03 Jul 2007 17:39:04 GMT
INSERT and UPDATES succeed when permission has not been granted.
----------------------------------------------------------------

                 Key: DERBY-2893
                 URL: https://issues.apache.org/jira/browse/DERBY-2893
             Project: Derby
          Issue Type: Bug
          Components: Security, SQL
    Affects Versions: 10.4.0.0
            Reporter: Daniel John Debrunner
            Priority: Critical


GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form

try {
   s.execute(command)
} catch (SQLException sqle)
{
       if (!hasPrivilege) 
            assertSQLState("42502", e);
       else
             fail(...);
}

Note that no fail() assert was in the try portion after the SQL execution. The statement should
not work if hasPrivilege is false, but the test will incorrectly pass if the statement succeeds.
I added fail asserts with revision 552922 like:

if (!hasPrivilege)
       fail("expected no INSERT permission on table");

but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures fail) indicating
that the statement succeeds even if the permission is not granted.

It could be a test problem but needs some investigation.

The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented out to stop the
test failing.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message