db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3929) SQL roles: tighten up check for existing user name collision when creating a role
Date Wed, 29 Oct 2008 12:25:44 GMT
SQL roles: tighten up check for existing user name collision when creating a role
---------------------------------------------------------------------------------

                 Key: DERBY-3929
                 URL: https://issues.apache.org/jira/browse/DERBY-3929
             Project: Derby
          Issue Type: Improvement
            Reporter: Dag H. Wanvik


Cf section 6.2 "The authorization identifier name space issue" in
spec.html (rev 9) attached to DERBY-2207.

One more check to avoid collision could be attempted (this is the last
loophole that I am aware of), but is currently not being performed:
Even if there is no trace of a user in the dictionary (as schema owner
or grantee for privileges or roles), there *could* still be a user
connected with the proposed name of the role being created. This could
be checked by maintaining a list of connected users with reference
counts, but would impose a cost (synchronize, hash name and check
table) at connection time.

Even if this scenario could unfold; I can't (yet) see any serious
consequences of it happening (CURRENT_USER would still work as
expected). The next time the user connects she would be denied, sicne
there is a role by that name.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message