db-derby-dev mailing list archives

From "Myrna van Lunteren (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2109) System privileges
Date Thu, 28 Feb 2008 19:21:51 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573411#action_12573411 ]

Myrna van Lunteren commented on DERBY-2109:
-------------------------------------------

When a new patch with a fix for J2ME is available, I'll be happy to run again, but my results
with patch 10 are that for derbyall, only 5 tests passed; for suites.All, 113 tests failed
(didn't run suites.All with jars, only classes).
For reference, here's a stack example, from lang/locktable.sql's derby.log:

java.lang.NoClassDefFoundError: javax.security.auth.Subject
	at org.apache.derby.iapi.security.SecurityUtil.createSystemPrincipalSubject(SecurityUtil.java:112)
	at org.apache.derby.iapi.security.SecurityUtil.checkDatabaseCreatePermission(SecurityUtil.java:255)
	at org.apache.derby.impl.jdbc.EmbedConnection.createDatabase(EmbedConnection.java:2259)
	at org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:351)
	at org.apache.derby.jdbc.Driver169.getNewEmbedConnection(Driver169.java:57)
	at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:240)
	at org.apache.derby.jdbc.EmbeddedSimpleDataSource.getConnection(EmbeddedSimpleDataSource.java:406)
	at org.apache.derby.jdbc.EmbeddedSimpleDataSource.getConnection(EmbeddedSimpleDataSource.java:373)
	at java.lang.reflect.AccessibleObject.invokeL(AccessibleObject.java:213)
	at java.lang.reflect.Method.invoke(Method.java:272)
	at org.apache.derby.impl.tools.ij.util.getDataSourceConnection(util.java:426)
	at org.apache.derby.impl.tools.ij.util.startJBMS(util.java:516)
	at org.apache.derby.impl.tools.ij.util.startJBMS(util.java:585)
	at org.apache.derby.impl.tools.ij.ConnectionEnv.init(ConnectionEnv.java:64)
	at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(utilMain.java:165)
	at org.apache.derby.impl.tools.ij.Main.<init>(Main.java:230)
	at org.apache.derby.impl.tools.ij.Main.getMain(Main.java:193)
	at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:178)
	at org.apache.derby.impl.tools.ij.Main.main(Main.java:73)
	at org.apache.derby.tools.ij.main(ij.java:59)

> System privileges
> -----------------
>
>                 Key: DERBY-2109
>                 URL: https://issues.apache.org/jira/browse/DERBY-2109
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 10.3.1.4
>            Reporter: Rick Hillegas
>            Assignee: Martin Zaun
>         Attachments: DERBY-2109-02.diff, DERBY-2109-02.stat, derby-2109-03-javadoc-see-tags.diff, DERBY-2109-04.diff, DERBY-2109-04.stat, DERBY-2109-05and06.diff, DERBY-2109-05and06.stat, DERBY-2109-07.diff, DERBY-2109-07.stat, DERBY-2109-08.diff, DERBY-2109-08.stat, DERBY-2109-08_addendum.diff, DERBY-2109-08_addendum.stat, DERBY-2109-09.diff, DERBY-2109-09.stat, DERBY-2109-10.diff, DERBY-2109-10.stat, DERBY-2109-11.diff, DERBY-2109-11.stat, SystemPrivilegesBehaviour.html, systemPrivs.html, systemPrivs.html, systemPrivs.html, systemPrivs.html
>
>
> Add mechanisms for controlling system-level privileges in Derby. See the related email discussion at http://article.gmane.org/gmane.comp.apache.db.derby.devel/33151.
> The 10.2 GRANT/REVOKE work was a big step forward in making Derby more secure in a client/server configuration. I'd like to plug more client/server security holes in 10.3. In particular, I'd like to focus on authorization issues which the ANSI spec doesn't address.
> Here are the important issues which came out of the email discussion.
> Missing privileges that are above the level of a single database:
> - Create Database
> - Shutdown all databases
> - Shutdown System
> Missing privileges specific to a particular database:
> - Shutdown that Database
> - Encrypt that database
> - Upgrade database
> - Create (in that Database) Java Plugins (currently Functions/Procedures, but someday Aggregates and VTIs)
> Note that 10.2 gave us GRANT/REVOKE control over the following database-specific issues, via granting execute privilege to system procedures:
> Jar Handling
> Backup Routines
> Admin Routines
> Import/Export
> Property Handling
> Check Table
> In addition, since 10.0, the privilege of connecting to a database has been controlled by two properties (derby.database.fullAccessUsers and derby.database.defaultConnectionMode) as described in the security section of the Developer's Guide (see http://db.apache.org/derby/docs/10.2/devguide/cdevcsecure865818.html).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

