db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2207) Improve usability of Derby's client/server security by implementing ANSI Roles
Date Tue, 29 Jan 2008 22:42:34 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12563707#action_12563707 ]

Dag H. Wanvik commented on DERBY-2207:
--------------------------------------

> Is this some new mechanism, because today prepared statements are
> invalidated, not activations?

Yes, one I was contemplating..

> I think invalidating the prepared statements is a bad plan. A SET ROLE
> will become a common operation, especially for routines. Having a
> routine execution invalidate any prepared statements will cause
> tremendous performance problems as all users executing the routine
> will be constantly invalidating each other's plans.

Yes, this was my worry too, which is why I considered invalidating
just the activation.

> I agree dropping a role should perform the invalidations, but not
> resetting a role.

This seems right for persistent objects (view, triggers, constraints),
but in the case of the prepared statement (your example), it seems to
me the role should still be in place when the execute is performed?
(although not for every cursor access :)

If so, some kind of invalidation seems called for...?

We could just wave our hands and say the check is only performed on
the first execute of a ps (when the checks are done for the activation
as it is created) I guess. Maybe that is acceptable although not
strictly compliant? Or does your interpretation lead you to believe it *is* compliant?


> Improve usability of Derby's client/server security by implementing ANSI Roles
> ------------------------------------------------------------------------------
>
>                 Key: DERBY-2207
>                 URL: https://issues.apache.org/jira/browse/DERBY-2207
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>            Assignee: Dag H. Wanvik
>         Attachments: spec.html, spec.html, spec.html, spec.html, spec.html, spec.html
>
>
> Implementing ANSI Roles will make it easier to manage security for multi-user applications
> with high user turnover.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
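
A toy model of the trade-off discussed in this message, added here as an example (it is not part of the original message and is not Derby code): plans are shared between sessions, the privilege check runs when a session's activation is created, and SET ROLE either clears the shared plans or only that session's activations. The class and field names, the grants table and the `invalidatePlansOnSetRole` switch are hypothetical.

```java
import java.util.*;

// Toy model, not Derby code: one shared plan cache, per-session activations.
public class RoleInvalidationDemo {
    // Constructed grants table: role -> statements it may execute.
    static final Map<String, Set<String>> GRANTS = Map.of("reader", Set.of("SELECT * FROM t"));
    static final Set<String> planCache = new HashSet<>();   // compiled plans shared by all sessions
    static int compiles = 0;
    static boolean invalidatePlansOnSetRole;                // strategy switch (hypothetical)

    static class Session {
        String role;                                        // current role, null = NONE
        final Set<String> activations = new HashSet<>();    // statements already privilege-checked

        void setRole(String newRole) {
            role = newRole;
            if (invalidatePlansOnSetRole) planCache.clear(); // affects every session sharing the plans
            activations.clear();                             // affects only this session
        }

        void execute(String sql) {
            if (planCache.add(sql)) compiles++;             // recompile only if the plan was missing
            if (!activations.contains(sql)) {               // check runs when the activation is created
                if (role == null || !GRANTS.getOrDefault(role, Set.of()).contains(sql))
                    throw new SecurityException("role " + role + " lacks privilege for: " + sql);
                activations.add(sql);
            }
        }
    }

    // Session a sets its role before every call (as a routine would); b never changes role.
    static int run(boolean invalidatePlans) {
        invalidatePlansOnSetRole = invalidatePlans;
        planCache.clear();
        compiles = 0;
        Session a = new Session(), b = new Session();
        String sql = "SELECT * FROM t";
        b.setRole("reader");
        for (int i = 0; i < 100; i++) { a.setRole("reader"); a.execute(sql); b.execute(sql); }
        return compiles;
    }

    public static void main(String[] args) {
        System.out.println("compiles, plans invalidated on SET ROLE: " + run(true));
        System.out.println("compiles, only activations invalidated:  " + run(false));
        Session s = new Session();
        s.setRole("reader"); s.execute("SELECT * FROM t");
        s.setRole(null);                                    // SET ROLE NONE
        try { s.execute("SELECT * FROM t"); System.out.println("stale privilege used"); }
        catch (SecurityException e) { System.out.println("re-check on execute: " + e.getMessage()); }
    }
}
```

Removing the `activations.clear()` call models the "check only on the first execute" option: the last execute would then succeed with a role that is no longer set.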

