db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3736) Revoking a column level privilege from a user, a prepared statement relying on that privilege can still be executed
Date Wed, 25 Jun 2008 21:24:45 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3736?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik updated DERBY-3736:
---------------------------------

    Attachment: GrantRevokeDDLTest.diff
                column-level.sql
                table-level.sql

Attaching a repro, column-level.sql which shows the issue.
For contrast I attach table-level.sql which fails as expected.

I also attach a diff I made to GrantRevokeDDLTest with a test case
which can be used to reproduce.

I ran the scripts with this incantation
java -Dderby.user.dag=wanvik -Dderby.user.donald=duck -Dderby.connection.requireAuthentication=true
-Dderby.database.sqlAuthorization=true -jar derbyrun.jar ij < script


> Revoking a column level privilege from a user, a prepared statement relying on that privilege
can still be executed 
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3736
>                 URL: https://issues.apache.org/jira/browse/DERBY-3736
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3
>            Reporter: Dag H. Wanvik
>         Attachments: column-level.sql, GrantRevokeDDLTest.diff, table-level.sql
>
>
> When a table level SELECT privilege is revoked, a dependent prepared statement is 
> invalidated and can no longer be executed, but in the case of a column level privilege
> SELECT privilege, the dependent prepared statement can still be executed.
> This works as expected in 10.2, but does not work in all 10.3 and 10.4 releases.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message