db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3673) Add checks that a new role isn't already a user authorization id
Date Thu, 15 May 2008 11:37:55 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12597092#action_12597092
] 

Dag H. Wanvik commented on DERBY-3673:
--------------------------------------

Thanks for looking at this, Rick!
I think all your comments are valid, thanks! The schema owner authid
fell off my radar at some point, thanks for catching that.


> Add checks that a new role isn't already a user authorization id
> ----------------------------------------------------------------
>
>                 Key: DERBY-3673
>                 URL: https://issues.apache.org/jira/browse/DERBY-3673
>             Project: Derby
>          Issue Type: Sub-task
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.5.0.0
>
>         Attachments: derby-3673-1.diff, derby-3673-1.diff, derby-3673-1.stat
>
>
> Derby current does not have dictionary information about legal users.
> Authentication is configurable as being derby internal, LDAP based, or
> user supplied.
> SQL specifies that user ids and role names go in the same namespace
> (authorization ids).  Therefore, at role creation time, a new role
> name should be checked against legal users for this database, and be
> defined if there is already a user id by that name.
> Unfortunately, since there is currently no reliable dictionary
> information about legal users, the best we can do presently is perform
> heuristic checks that a proposed role id is not already a user id.
> Since the check can not not reliable, we should also add a check to
> prohibit conncting with a user id that is a known role id.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message