db-derby-dev mailing list archives

From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-5395) By default, only the DBO should be allowed to run several of the diagnostic VTIs.
Date Tue, 30 Aug 2011 19:33:41 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas updated DERBY-5395:

    Attachment: derby-5395-01-ac-protectVTIs.diff

Attaching derby-5395-01-ac-protectVTIs.diff. This patch implements approach (1), raising an
error at instantiation time if these VTIs are invoked by someone other than the DBO when authorization
is turned on. I have written a regression test but need to run the full suite.

The regression test I wrote for this fix revealed that the StatementDuration and ErrorLogReader
VTIs were reading a system property outside a privileged block. I wrapped those reads in a
privileged block as part of this patch.

Touches the following files:


M      java/engine/org/apache/derby/loc/messages.xml
M      java/shared/org/apache/derby/shared/common/reference/SQLState.java
A      java/engine/org/apache/derby/diag/DiagUtil.java

Logic to raise an exception if authorization is enabled and the current user isn't a DBO.


M      java/engine/org/apache/derby/diag/StatementCache.java
M      java/engine/org/apache/derby/diag/StatementDuration.java
M      java/engine/org/apache/derby/diag/TransactionTable.java
M      java/engine/org/apache/derby/diag/ErrorLogReader.java

Wires that check into the VTI constructors.


M      java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
A      java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java

New regression test for this behavior.

> By default, only the DBO should be allowed to run several of the diagnostic VTIs.
> ---------------------------------------------------------------------------------
>                 Key: DERBY-5395
>                 URL: https://issues.apache.org/jira/browse/DERBY-5395
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>         Attachments: derby-5395-01-ac-protectVTIs.diff
> Only the DBO should be allowed to run the following VTIs:
>   syscs_diag.statement_cache
>   syscs_diag.transaction_table
>   syscs_diag.error_log_reader( )
>   syscs_diag.statement_duration()

This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
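
The two techniques described in the message above, a DBO check that fails at VTI construction time and a system property read wrapped in a privileged block, sketched as an added Java example. This is not the code from derby-5395-01-ac-protectVTIs.diff or from Derby itself; `Session`, `checkAccess`, `readProperty`, `ErrorLogVti`, the `user.dir` property and the `XXXXX` SQLState are hypothetical stand-ins, and user names are assumed to be already normalized.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.sql.SQLException;

/** Illustrative only: every name in this class is hypothetical, not Derby's API. */
public class DboGuardExample {

    /** Minimal stand-in for the session facts the check needs. */
    record Session(String currentUser, String dbOwner, boolean sqlAuthorization) {}

    // Placeholder: the SQLState added by the patch is not given on the page.
    static final String PLACEHOLDER_SQLSTATE = "XXXXX";

    /** Throws unless authorization is off or the caller is the database owner. */
    static void checkAccess(Session s, String vtiName) throws SQLException {
        if (!s.sqlAuthorization()) { return; }               // check applies only when authorization is on
        if (s.dbOwner().equals(s.currentUser())) { return; } // the DBO is always allowed
        throw new SQLException(
            "Only the database owner may use " + vtiName, PLACEHOLDER_SQLSTATE);
    }

    /** Reads a system property with the engine's own permissions, not the caller's. */
    static String readProperty(final String key) {
        // The cast selects the PrivilegedAction overload of doPrivileged.
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    /** Hypothetical diagnostic VTI: the guard is the first statement of the constructor. */
    static class ErrorLogVti {
        final String home;
        ErrorLogVti(Session s) throws SQLException {
            checkAccess(s, "error_log_reader"); // fail at instantiation, before any state is read
            home = readProperty("user.dir");    // stand-in for the property the real VTI reads
        }
    }

    public static void main(String[] args) throws SQLException {
        new ErrorLogVti(new Session("APP", "APP", true));       // DBO with authorization on
        new ErrorLogVti(new Session("ALICE", "APP", false));    // authorization off, no check
        try {
            new ErrorLogVti(new Session("ALICE", "APP", true)); // non-DBO with authorization on
            throw new AssertionError("expected the non-DBO call to be rejected");
        } catch (SQLException e) {
            System.out.println("rejected with SQLState " + e.getSQLState());
        }
    }
}
```

`AccessController.doPrivileged` is deprecated for removal since Java 17, so the block compiles with a deprecation warning on current JDKs; records require Java 16 or later.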

