db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
Date Mon, 17 Mar 2008 23:35:24 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579667#action_12579667
] 

Kathey Marsden commented on DERBY-3160:
---------------------------------------

I wonder if this issue should be marked Existing Application Impact, since it required 
all the SYSCS_GET_USER_ACCESS  and SYSCS_SET_USER_ACCESS calls to use 
upper case in the test.

> SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier
and thus can reports the wrong user information
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3160
>                 URL: https://issues.apache.org/jira/browse/DERBY-3160
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.3.1.4, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Assignee: Daniel John Debrunner
>            Priority: Minor
>             Fix For: 10.4.0.0
>
>
> VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if
the user name needs to be a delimited identifier when used in a SQL statement such as GRANT.
E.g. user fred@derby.com, 123 etc.
> Passing the user name as a VARCHAR also returns the wrong user for such user names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message