db-derby-dev mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: 10.4 Feature Freeze
Date Fri, 29 Feb 2008 04:53:17 GMT
Martin Zaun wrote:
> Dyre.Tjeldvoll@Sun.COM wrote:
>> Daniel John Debrunner <djd@apache.org> writes:
>>> Dyre.Tjeldvoll@Sun.COM wrote:
>>>> Here is the current status (based on what I know):
>>>> Feature                  Status
>>>> --------------------------------------------------
>>>> System privileges        On track
>>>    Have you any more information on the state of this? 
> a) The latest patch, just published, addresses the J2ME/CDC failures;
>    I hope this blocking issue is resolved, but we probably want to
>    wait for some confirming J2ME/CDC test results.   I'm not aware of
>    other, major objections, and it was suggested to handle follow-up
>    and polishing items in a separate JIRA.

The format of SystemPrincipal identifiers in policy files (and as the 
argument to SystemPrincipal's constructor) does not match what a technical 
discussion in DERBY-2109 decided, see DERBY-3477. This is due to an 
unforeseen limitation in the way the Java security implementation 
handles Principal names in policy files. The resulting format 
implemented by the patch does not really make sense (not the 
implementor's fault, it's due to the limitation) and will be hard to 
explain to users (connection requests that lead to identical database 
identifiers end up with different permissions). An implementation cannot 
be driving a format that is security critical and part of Derby's 
public API. In addition, in trying to work around the format limitations 
a security hole has been introduced (I'll add details to DERBY-3477).

Then the addition of JMX using system permissions has led to the 
realization that the names don't match the expected format for 
permissions in terms of "name" (object the permission applies to) and 
"actions" (actions on that object). This can often happen when a single 
use of an object is expanded.

So while I think there are no major objections to the current patch (I 
haven't looked at v12 yet), I don't think the remaining items should be 
seen as just polishing, and thus they may take some amount of effort 
including some design. I see the current patch as a great step forward, 
somewhat flawed, but providing a framework to proceed.

Thus while the work done specifically in DERBY-2109 may be near to 
completion, its sub-tasks and related issues may not be and I think 
those need to be completed before a release. Mainly because they are 
both defining public APIs and are security related, both things that we 
as a community should try to get right thus not having to deal with 
changing formats and backwards compatibility later.

