db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4272) SQL Authorization Support for dblook
Date Sun, 23 Aug 2009 21:35:59 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12746677#action_12746677 ]

Dag H. Wanvik commented on DERBY-4272:
--------------------------------------

Thanks for the new patch. Will look at it more tomorrow. Answers to your questions:

> * APP schema is now ignored when creating schemas

Hopefully only if it is empty :)

> To get the DBO username I used conn.getMetaData().getUserName(). But
> I think this will work properly only if we start dblook with a
> connection belonging to DBO. Is that ok? If not what is the right
> way to find the DBO username?

The safe way is to look for the owner of the system tables,
e.g. SYS.SYSSCHEMAS.


> On a different note do we really need to create a connection (in
> the generated script) as DBO before creating roles? In order to run
> the generated script we need to create a connection anyway.

One can specify the user and password on the ij command line [1], yes,
if that is what you mean (although it is not required).

I guess that is OK sometimes, although it is generally deemed safer
*not* to supply user credentials on the command line, since the
strings can be gleaned by another process under UNIX, e.g. with
ps(1). Editing the password into the dblook output file avoids that
security issue. So for the latter use case, it would be good to
generate the DBO connect statement, I think.

[1]
http://db.apache.org/derby/docs/10.5/tools/rtoolsijproprefuser.html
http://db.apache.org/derby/docs/10.5/tools/rtoolsijproprefpassword.html

> The test case is coming along nicely. I may have some questions on
> that. Will start a mail thread regarding them soon.

Great!


> SQL Authorization Support for dblook
> ------------------------------------
>
>                 Key: DERBY-4272
>                 URL: https://issues.apache.org/jira/browse/DERBY-4272
>             Project: Derby
>          Issue Type: Improvement
>          Components: Tools
>         Environment: Any
>            Reporter: Hiranya Jayathilaka
>            Assignee: Hiranya Jayathilaka
>         Attachments: DERBY-4272-changes-u1.txt, DERBY-4272-changes-u2.txt, DERBY-4272-changes-u3.txt,
>                      DERBY-4272-changes-u4.txt, DERBY-4272-changes-u5.txt, DERBY-4272-u1.patch, DERBY-4272-u2.patch,
>                      DERBY-4272-u3.patch, DERBY-4272-u4.patch, DERBY-4272-u5.patch, dhw-sample-1.sql, new.sql,
>                      old.sql
>
>
> Currently dblook suffers from two major shortcomings.
> 1. dblook doesn't take the object dependencies into consideration when generating DDL scripts
> 2. dblook doesn't have any support for SQL authorization
> I intend to fix these two issues and improve dblook so that the DDL scripts generated by dblook can be executed without errors under all conditions.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
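
The command-line exposure discussed in the message above, as an added example that is not part of the original thread or of Derby's code: a small audit that scans a process listing for ij invocations carrying a password in their arguments and reports them with the secret redacted. The process listing is constructed sample data; the `ij.password` property is the one documented at link [1], and the `ij.database` property with a `;password=` connection URL attribute is assumed as a second way the password can reach the command line.

```python
import re

# Constructed sample of `ps -eo pid,user,args` output (not from the thread).
SAMPLE_PS = """\
  PID USER     COMMAND
 4121 alice    java -Dij.user=dbo -Dij.password=s3cret-constructed org.apache.derby.tools.ij restore.sql
 4188 bob      java -Dij.database=jdbc:derby:salesdb;user=dbo;password=pw-constructed org.apache.derby.tools.ij
 4190 carol    java org.apache.derby.tools.ij restore.sql
 4202 dave     java -Dij.user=dave org.apache.derby.tools.ij
"""

# A password reaches argv either as the ij.password system property or as a
# ';password=' attribute inside a Derby connection URL.
SECRET = re.compile(r"(-Dij\.password=|;password=)([^\s;]+)")


def audit_ps(ps_text):
    """Return (pid, user, redacted_args) for each process exposing a password."""
    findings = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[0].isdigit():
            continue  # blank or malformed row
        pid, user, args = parts
        if SECRET.search(args):
            # Redact before reporting so the audit output does not leak the
            # secret a second time (into logs, tickets, terminals).
            findings.append((int(pid), user, SECRET.sub(r"\1<redacted>", args)))
    return findings


if __name__ == "__main__":
    for pid, user, args in audit_ps(SAMPLE_PS):
        print(f"pid {pid} ({user}): {args}")
```

Processes 4190 and 4202 are not reported: the first runs a script file that can carry its own connect statement, and the second passes only a user name.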

