db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4191) Lack of SELECT privilege does not prevent SELECT COUNT(*)
Date Mon, 27 Apr 2009 14:12:30 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Knut Anders Hatlen updated DERBY-4191:
--------------------------------------

    Attachment: repro.sql

Attached is a repro script showing that count(x) is disallowed and count(*) is allowed for
a non-privileged user.

$ java -Dderby.database.sqlAuthorization=true -jar lib/derbyrun.jar ij repro.sql
ij version 10.5
ij> connect 'jdbc:derby:db;user=root;create=true';
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij> create table t (x int);
0 rows inserted/updated/deleted
ij> insert into t values 1,2,3;
3 rows inserted/updated/deleted
ij> connect 'jdbc:derby:db;user=kah';
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij(CONNECTION1)> select count(x) from root.t;
ERROR 42502: User 'KAH' does not have SELECT permission on column 'X' of table 'ROOT'.'T'.
ij(CONNECTION1)> select count(*) from root.t;
1          
-----------
3          

1 row selected
ij(CONNECTION1)>

> Lack of SELECT privilege does not prevent SELECT COUNT(*)
> ---------------------------------------------------------
>
>                 Key: DERBY-4191
>                 URL: https://issues.apache.org/jira/browse/DERBY-4191
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.4.2.0, 10.5.1.1
>            Reporter: Knut Anders Hatlen
>         Attachments: repro.sql
>
>
> A user that does not have SELECT privilege on a table can still perform a SELECT COUNT(*)
on that table. Counting a specific column (e.g., SELECT COUNT(X)) is prevented.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message