db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hiranya Jayathilaka <hiranya...@gmail.com>
Subject Re: SQL Authorization for dblook: Progress Update
Date Sun, 31 May 2009 18:09:49 GMT
Hi Knut,

On Sun, May 31, 2009 at 6:38 AM, Knut Anders Hatlen <Knut.Hatlen@sun.com>wrote:

> Dag.Wanvik@Sun.COM (Dag H. Wanvik) writes:
> > Presumably the output will be an ij script, so the ij CONNECT command
> > would be used?
> >
> > As far as password for user is needed, we need to think carefully
> > about how to solve this issue. A approach would be to leave
> > passwords open in the script to be supplied (edited in) by the data
> > base owner as the script is run, or provide the dblook tool with an
> > interface to fetch passwords for a given user.
> If dblook starts outputting ij CONNECT commands, we introduce an
> incompatibility, as the current output can be used unmodified to copy
> the schema over to a new database with a different name, like this:
> java org.apache.derby.tools.dblook -d jdbc:derby:db | java
> -Dij.database="jdbc:derby:copy;create=true" org.apache.derby.tools.ij
> This would stop working if "CONNECT 'jdbc:derby:db';" had been added to
> the output.

Thanks for pointing this out early.

> I agree that we should not add the passwords to the output.

I too believe that it's not a good idea to mention user passwords in the
database scripts generated by dblook. I like the idea suggested by Dag to
leave them open in the scripts to be filled in. But if adding the CONNECT
command breaks the existing functionality then I guess that's out too :(

> To keep it
> simple in the first iteration, we could perhaps just print a comment
> stating that the statements below need to be executed as user X in order
> to get the exact same dependencies as in the original database. That's
> consistent with what dblook currently does for the initial connection,
> it prints the URL in a header comment instead of printing a CONNECT
> statement.

+1. We can make this the default behavior. We can also provide a switch to
make this configurable so when a certain property is turned on, CONNECT
statements would be generated instead of the comments with passwords left
open to be filled in.

java org.apache.derby.tools.dblook -d jdbc:derby:db --> Generates comments
indicating how connections should be created and closed

java org.apache.derby.tools.dblook -d jdbc:derby:db -connectStatements on
--> Generate CONNECT/DISCONNECT statements instead of the comments



> If we later find an elegant solution to this problem, it should be
> fairly easy to replace the comment with whatever we come up with. But I
> don't think the lack of an elegant solution at this point is a
> showstopper, as printing the DDL in sorted order would be a great
> improvement by itself.
> --
> Knut Anders

Hiranya Jayathilaka
Software Engineer;
WSO2 Inc.;  http://wso2.org
E-mail: hiranya@wso2.com;  Mobile: +94 77 633 3491
Blog: http://techfeast-hiranya.blogspot.com

View raw message