db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dag.Wan...@Sun.COM (Dag H. Wanvik)
Subject max size of authentication ids: lift restriction?
Date Mon, 22 Oct 2007 12:26:19 GMT


While working on roles, I notice that there is a max size of 30 on
user ids in derby (authentication identifiers), e.g. the check being
performed in the parser:

private void checkAuthorizationLength( String authorization)
   checkIdentifierLengthLimit( authorization, Limits.DB2_MAX_USERID_LENGTH);

where Limits.DB2_MAX_USERID_LENGTH == 30. I have checked, and I don't
think there are any fundamental reasons why Derby can't lift this DB2
restriction: Then authentication identifiers would have the same max
limit as other identifiers: 128 (Limits.MAX_IDENTIFIER_LENGTH).

Current, this limit of 30 is enforced for GRANT/REVOKE, i.e. for the

However, in the CREATE SCHEMA statement, the clause

         AUTHORIZATION <authorization identifier>

which allows specifying a schema's owner, is *not* subject to this
restriction. This is also reflected in the reference documentation for
system tables:

Column Name 	Type 	Length 	Nullability 	Contents
AUTHORIZATIONID VARCHAR 128     false           the authorization
                                                identifier of the
                                                owner of the schema  


Column Name 	Type 	Length 	Nullability 	Contents
GRANTEE 	VARCHAR 30 	False 	        The authorization ID
                                                of the user to whom
                                                the privilege is

Furthermore, the limit is enforced in the authorizer code
(AuthenticationServiceBase#authenticate). It is also reflected in the
metadata: EmbedDatabaseMetaData#getMaxUserNameLength.

I think it would be good to harmonize these two different limits for
authentication identifier and remove the 30 limit.

Does anybody know of a reason why this should not be done/attempted?
If not, I will file an issue for it.

View raw message