Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 73259 invoked from network); 10 Jul 2007 20:14:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Jul 2007 20:14:45 -0000 Received: (qmail 94140 invoked by uid 500); 10 Jul 2007 20:14:31 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 94103 invoked by uid 500); 10 Jul 2007 20:14:31 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 94002 invoked by uid 99); 10 Jul 2007 20:14:31 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Jul 2007 13:14:30 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Jul 2007 13:14:24 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 8120E71403F for ; Tue, 10 Jul 2007 13:14:04 -0700 (PDT) Message-ID: <5223927.1184098444517.JavaMail.jira@brutus> Date: Tue, 10 Jul 2007 13:14:04 -0700 (PDT) From: "Kathey Marsden (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Updated: (DERBY-2893) INSERT and UPDATES succeed when permission has not been granted. In-Reply-To: <5594754.1183484344510.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kathey Marsden updated DERBY-2893: ---------------------------------- Component/s: (was: Security) (was: SQL) Test Priority: Major (was: Critical) Downgrading this to a major test issue from critical bug. > INSERT and UPDATES succeed when permission has not been granted. > ---------------------------------------------------------------- > > Key: DERBY-2893 > URL: https://issues.apache.org/jira/browse/DERBY-2893 > Project: Derby > Issue Type: Bug > Components: Test > Affects Versions: 10.3.0.0, 10.3.1.0, 10.4.0.0 > Reporter: Daniel John Debrunner > Attachments: DERBY-2893_diff.txt > > > GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form > try { > s.execute(command) > } catch (SQLException sqle) > { > if (!hasPrivilege) > assertSQLState("42502", e); > else > fail(...); > } > Note that no fail() assert was in the try portion after the SQL execution. The statement should not work if hasPrivilege is false, but the test will incorrectly pass if the statement succeeds. I added fail asserts with revision 552922 like: > if (!hasPrivilege) > fail("expected no INSERT permission on table"); > but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures fail) indicating that the statement succeeds even if the permission is not granted. > It could be a test problem but needs some investigation. > The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented out to stop the test failing. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.