Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9BE027456 for ; Fri, 9 Dec 2011 18:47:02 +0000 (UTC) Received: (qmail 88104 invoked by uid 500); 9 Dec 2011 18:47:02 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 88087 invoked by uid 500); 9 Dec 2011 18:47:02 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 88075 invoked by uid 99); 9 Dec 2011 18:47:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Dec 2011 18:47:02 +0000 X-ASF-Spam-Status: No, hits=-2001.2 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Dec 2011 18:47:01 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 35A7C1091D6 for ; Fri, 9 Dec 2011 18:46:41 +0000 (UTC) Date: Fri, 9 Dec 2011 18:46:41 +0000 (UTC) From: "Mike Matrigali (Commented) (JIRA)" To: derby-dev@db.apache.org Message-ID: <1142608988.59422.1323456401221.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (DERBY-866) Derby User Management Enhancements MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DERBY-866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13166424#comment-13166424 ] Mike Matrigali commented on DERBY-866: -------------------------------------- In the past I worked on a system that had a 2 database system where one database had info about the other databases. This caused some support nightmares, especially when a single database problem could prevent access to all databases. With derby it is nice that all databases are a unit unto themselves and that is what the current architecture is built around. A number of issues jump to mind if you start assume multiple access on one connection: o now backup of a database becomes more complicated as it can be out of sync with the master db o are databases now not portable across systems, or only if combined with master db? o how does this affect replication? o can the master db be encrypted, and if so how do you get multiple keys from single connection? o does collation of the 2 dbs have an effect, now do all dbs in the system need same collation? Having a separate db to me seems like even more administration for derby. Also for derby a database is a pretty heavy weight object in the system. A good Derby application is one that is embedded and uses a single database. This is the best case usage of Derby. Of course multiple databases are allowed and work but often lead to unexpected problems. Adding a 2nd db in a normal case may double the memory requirements of derby given the 1 cache per database model currently implemented, n background threads per active db, ... > Derby User Management Enhancements > ---------------------------------- > > Key: DERBY-866 > URL: https://issues.apache.org/jira/browse/DERBY-866 > Project: Derby > Issue Type: Improvement > Components: Services > Affects Versions: 10.2.1.6 > Reporter: Francois Orsini > Assignee: Rick Hillegas > Attachments: Derby_User_Enhancement.html, Derby_User_Enhancement_v1.1.html, DummyAuthenticator.java, UserManagement.html, UserManagement.html, UserManagement.html, derby-866-01-aa-sysusers.diff, derby-866-01-ab-sysusers.diff, dummyCredentials.properties > > > Proposal to enhance Derby's Built-In DDL User Management. (See proposal spec attached to the JIRA). > Abstract: > This feature aims at improving the way BUILT-IN users are managed in Derby by providing a more intuitive and familiar DDL interface. Currently (in 10.1.2.1), Built-In users can be defined at the system and/or database level. Users created at the system level can be defined via JVM or/and Derby system properties in the derby.properties file. Built-in users created at the database level are defined via a call to a Derby system procedure (SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY) which sets a database property. > Defining a user at the system level is very convenient and practical during the development phase (EOD) of an application - However, the user's password is not encrypted and consequently appears in clear in the derby.properties file. Hence, for an application going into production, whether it is embedded or not, it is preferable to create users at the database level where the password is encrypted. > There is no real ANSI SQL standard for managing users in SQL but by providing a more intuitive and known interface, it will ease Built-In User management at the database level as well as Derby's adoption. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira