db-derby-dev mailing list archives

From "EDAH-TALLY (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3095) CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS(?, 'NOACCESS') FAILS
Date Sat, 06 Oct 2007 13:09:50 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12532864 ]

EDAH-TALLY commented on DERBY-3095:
-----------------------------------

Please see Reproduce3095.zip which can reproduce the exception.

My understanding of the problem is as follows:

Derby creates users as SQL92Identifiers. The user name, unless quoted, is by default used in
upper case when the user is added.
This should have been the same when the user is removed from the system. It seems that the
user name is used as supplied and is not converted to upper case. So deleting a user might
fail, and it does so silently. The user is still in the fullAccess list!!

It's a security issue that must be addressed.

A workaround is to use

    cs.setString(1, userName.toUpperCase()); //DERBY-3095 ISSUE
    cs.setString(2, null);

> CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS(?, 'NOACCESS') FAILS
> ----------------------------------------------------------
>
>                 Key: DERBY-3095
>                 URL: https://issues.apache.org/jira/browse/DERBY-3095
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC, Network Client
>    Affects Versions: 10.3.1.4
>         Environment: Linux 2.6.17-13mdv #1 SMP Fri Mar 23 15:18:36 EDT 2007 x86_64 AMD Athlon(tm) 64 Processor 3000+ GNU/Linux
>            Reporter: EDAH-TALLY
>
> Sorry to bother you again.
> CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS(?, 'NOACCESS') FAILS and here's the stack trace:
> ******************************************************************************************
> java.sql.SQLException: Droit d'accès 'NOACCESS' inconnu.
>         at org.apache.derby.client.am.SQLExceptionFactory40.getSQLException(Unknown Source)
>         at org.apache.derby.client.am.SqlException.getSQLException(Unknown Source)
>         at org.apache.derby.client.am.PreparedStatement.execute(Unknown Source)
>         at com.somecom.createUser(someAPP.java:190)
>         at com.somecom.grantKeys(someAPP.java:288)
>         at com.somecom.showGrantKeys(someAPP.java:269)
>         at com.somecom.MDIMenuClicked(someAPP.java:620)
>         at com.somecom.access$000(someAPP.java:15)
>         at com.somecom$5.actionPerformed(someAPP.java:564)
>         at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1995)
>         at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2318)
>         at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
>         at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
>         at javax.swing.AbstractButton.doClick(AbstractButton.java:357)
>         at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:1216)
>         at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:1257)
>         at java.awt.Component.processMouseEvent(Component.java:6038)
>         at javax.swing.JComponent.processMouseEvent(JComponent.java:3260)
>         at java.awt.Component.processEvent(Component.java:5803)
>         at java.awt.Container.processEvent(Container.java:2058)
>         at java.awt.Component.dispatchEventImpl(Component.java:4410)
>         at java.awt.Container.dispatchEventImpl(Container.java:2116)
>         at java.awt.Component.dispatchEvent(Component.java:4240)
>         at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4322)
>         at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3986)
>         at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3916)
>         at java.awt.Container.dispatchEventImpl(Container.java:2102)
>         at java.awt.Window.dispatchEventImpl(Window.java:2429)
>         at java.awt.Component.dispatchEvent(Component.java:4240)
>         at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
>         at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273)
>         at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183)
>         at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173)
>         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168)
>         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160)
>         at java.awt.EventDispatchThread.run(EventDispatchThread.java:121)
> Caused by: org.apache.derby.client.am.SqlException: Droit d'accès 'NOACCESS' inconnu.
>         at org.apache.derby.client.am.Statement.completeExecute(Unknown Source)
>         at org.apache.derby.client.net.NetStatementReply.parseEXCSQLSTTreply(Unknown Source)
>         at org.apache.derby.client.net.NetStatementReply.readExecuteCall(Unknown Source)
>         at org.apache.derby.client.net.StatementReply.readExecuteCall(Unknown Source)
>         at org.apache.derby.client.net.NetStatement.readExecuteCall_(Unknown Source)
>         at org.apache.derby.client.am.Statement.readExecuteCall(Unknown Source)
>         at org.apache.derby.client.am.PreparedStatement.flowExecute(Unknown Source)
>         at org.apache.derby.client.am.PreparedStatement.executeX(Unknown Source)
>         ... 34 more
> *********************************************************************************************
> FULLACCESS : OK
> READONLYACCESS : OK
> NOACCESS : FAILURE
> By the way, the CONNECTION_PERMISSION parameter in the documentation is not up to date.
> Thank you for considering.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
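
The failure mode described in the comment above, as an added example that is not part of the original message and is not Derby's code: an in-memory model of an access list (class and method names are hypothetical) where adding a user folds unquoted names to upper case, removal by the name as supplied silently does nothing, and a hardened removal applies the same normalization and treats a no-op as an error.

```java
import java.util.Locale;
import java.util.Set;
import java.util.TreeSet;

// Added illustration: a model of the access list, not Derby's implementation.
public class UserAccessModel {
    private final Set<String> fullAccess = new TreeSet<>();

    // SQL-92 rule: "Delimited" names keep their case ("" is an escaped quote);
    // regular names are folded to upper case, independent of the JVM locale.
    static String normalize(String id) {
        if (id == null || id.isEmpty()) throw new IllegalArgumentException("empty user name");
        if (id.length() >= 2 && id.startsWith("\"") && id.endsWith("\"")) {
            String inner = id.substring(1, id.length() - 1).replace("\"\"", "\"");
            if (inner.isEmpty()) throw new IllegalArgumentException("empty delimited name");
            return inner;
        }
        return id.toUpperCase(Locale.ENGLISH);
    }

    void add(String userName) { fullAccess.add(normalize(userName)); }

    // Behaviour described in the comment: the name is used as supplied, so a
    // case mismatch removes nothing and no error is raised.
    void removeAsSupplied(String userName) { fullAccess.remove(userName); }

    // Hardened form: same normalization as add(), and a no-op removal is an error.
    void removeChecked(String userName) {
        String key = normalize(userName);
        if (!fullAccess.remove(key)) {
            throw new IllegalStateException("user not in access list: " + key);
        }
    }

    boolean hasFullAccess(String userName) { return fullAccess.contains(normalize(userName)); }

    public static void main(String[] args) {
        UserAccessModel m = new UserAccessModel();
        m.add("fred");                 // stored as FRED
        m.add("\"Mary\"");             // stored as Mary
        m.removeAsSupplied("fred");    // key "fred" does not match FRED
        System.out.println("after as-supplied removal: " + m.hasFullAccess("fred"));
        m.removeChecked("fred");       // normalized to FRED before removal
        System.out.println("after checked removal:     " + m.hasFullAccess("fred"));
        try {
            m.removeChecked("mary");   // folds to MARY, but the stored name is Mary
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The last call shows why a plain toUpperCase() is only correct for users created with unquoted names: a user created as "Mary" has to be addressed in its delimited form.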

