db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3673) Add checks that a new role isn't already a user authorization id
Date Tue, 13 May 2008 14:42:55 GMT
Add checks that a new role isn't already a user authorization id
----------------------------------------------------------------

                 Key: DERBY-3673
                 URL: https://issues.apache.org/jira/browse/DERBY-3673
             Project: Derby
          Issue Type: Sub-task
            Reporter: Dag H. Wanvik


Derby current does not have dictionary information about legal users.
Authentication is configurable as being derby internal, LDAP based, or
user supplied.

SQL specifies that user ids and role names go in the same namespace
(authorization ids).  Therefore, at role creation time, a new role
name should be checked against legal users for this database, and be
defined if there is already a user id by that name.

Unfortunately, since there is currently no reliable dictionary
information about legal users, the best we can do presently is perform
heuristic checks that a proposed role id is not already a user id.

Since the check can not not reliable, we should also add a check to
prohibit conncting with a user id that is a known role id.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message