db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mamta A. Satoor (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4191) Lack of SELECT privilege does not prevent SELECT COUNT(*)
Date Fri, 11 Dec 2009 07:35:18 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Mamta A. Satoor updated DERBY-4191:
-----------------------------------

    Attachment: DERBY4191_miniumSelectPrivOnAllTables_stat_patch3.txt
                DERBY4191_miniumSelectPrivOnAllTables_diff_patch3.txt

I am attaching a new patch (DERBY4191_miniumSelectPrivOnAllTables_diff_patch3.txt) which now
adds a minimum select privilege requirement for all the tables in a SELECT query and if such
a requirement is already getting satisfied with already existing select privilege requirement
on the table(s), then we will not add the redundant minimum select privilege requirement.
eg
select c1 from t1
For the query above, we do not require a minimum select privilege on t1 because we have already
select privilege requirement on t1.c1 
Now consider the following query
select 1 from t1
For the query above, we DO want to add a minumum select privilege on t1 because there is no
other select privilege requirement on table t1 or any of it's columns.

The code had to be intelligent enough to not require minimum select privilege for following
query
update t1 set c1=1
for this query, we have a SelectNode which provides the resultset for update. But for this
SelectNode, we do not want any minimum select privileges on t1. Code for recognizing such
a query is added into SelectNode.

I have run all the junit and derbyall tests and only ran into known jira issue DERBY-4463.
Prior run of junit with the patch gave me some upgrade test failures which I occassionally
run into on my machine and I do not think those upgrade test failures are related to my patch.
I will greatly appreciate if someone can run the junit tests for me with the patch to make
sure they run fine.

Please let me know if anyone has any feedback on the patch. I will plan on committing it early
next week. Thanks

> Lack of SELECT privilege does not prevent SELECT COUNT(*)
> ---------------------------------------------------------
>
>                 Key: DERBY-4191
>                 URL: https://issues.apache.org/jira/browse/DERBY-4191
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.4.2.0, 10.5.1.1
>            Reporter: Knut Anders Hatlen
>            Assignee: Mamta A. Satoor
>         Attachments: DERBY4191_ColumnLevelCheckInStatmentColumnPerm_diff_patch2.txt,
DERBY4191_ColumnLevelCheckInStatmentColumnPerm_stat_patch2.txt, DERBY4191_ColumnLevelCheckInStatmentTablePerm_diff_patch1.txt,
DERBY4191_countStar_privilege_diff_patch1.txt, DERBY4191_miniumSelectPrivOnAllTables_diff_patch3.txt,
DERBY4191_miniumSelectPrivOnAllTables_stat_patch3.txt, repro.sql
>
>
> A user that does not have SELECT privilege on a table can still perform a SELECT COUNT(*)
on that table. Counting a specific column (e.g., SELECT COUNT(X)) is prevented.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message