Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4E44C9F18 for ; Thu, 10 May 2012 14:44:32 +0000 (UTC) Received: (qmail 51698 invoked by uid 500); 10 May 2012 14:44:32 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 51672 invoked by uid 500); 10 May 2012 14:44:32 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 51663 invoked by uid 99); 10 May 2012 14:44:32 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 May 2012 14:44:32 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of knut.hatlen@oracle.com designates 141.146.126.227 as permitted sender) Received: from [141.146.126.227] (HELO acsinet15.oracle.com) (141.146.126.227) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 May 2012 14:44:25 +0000 Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by acsinet15.oracle.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q4AEi2Jj032412 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 10 May 2012 14:44:03 GMT Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id q4AEi2wL000145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 10 May 2012 14:44:02 GMT Received: from abhmt116.oracle.com (abhmt116.oracle.com [141.146.116.68]) by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id q4AEi1Tl025374 for ; Thu, 10 May 2012 09:44:02 -0500 Received: from localhost (/46.9.75.177) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 10 May 2012 07:44:01 -0700 From: Knut Anders Hatlen To: Subject: Re: Casing of USERNAME arguments in the new NATIVE procedures References: <4FA936F0.90706@oracle.com> Date: Thu, 10 May 2012 16:43:59 +0200 In-Reply-To: <4FA936F0.90706@oracle.com> (Rick Hillegas's message of "Tue, 08 May 2012 08:08:32 -0700") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1.50 (usg-unix-v) MIME-Version: 1.0 Content-Type: text/plain X-Source-IP: acsinet21.oracle.com [141.146.126.237] X-Virus-Checked: Checked by ClamAV on apache.org Thanks for writing this up, Rick. Some comments below. Rick Hillegas writes: > During buddy-testing, some confusion arose around how to case the > USERNAME arguments of NATIVE procedures. Derby user names (specified > on connection urls) are case-insensitive, but the USERNAME arguments > to the NATIVE procedures are case-sensitive. This means that you > create a user this way... > > -- create two separate users > call syscs_util.syscs_create_user( 'FRED', 'fredPassword' ); > call syscs_util.syscs_create_user( 'fREd', 'fREdPassword' ); > > ...FRED can log in like this... > > connect 'jdbc:derby:db;user=fred;password=fredPassword'; > > or > > connect 'jdbc:derby:db;user=fREd;password=fredPassword'; > > ...while fREd has to double-quote his user name in order to log in: > > connect 'jdbc:derby:memory:db;user="fREd";password=fredPassword'; This behaviour is actually different from what you get in BUILTIN. There you would define the two users this way... call syscs_util.syscs_set_database_property('derby.user.FRED', 'fredPassword'); call syscs_util.syscs_set_database_property('derby.user.fREd', 'fREdPassword'); ...FRED can log in like this... connect 'jdbc:derby:memory:db;user=FRED;password=fredPassword'; ...but not like this... connect 'jdbc:derby:memory:db;user=fREd;password=fredPassword'; ...and you'll be refused access if you double-quote the user name... ij> connect 'jdbc:derby:memory:db;user="fREd";password=fREdPassword'; ERROR 08004: Connection authentication failure occurred. Reason: Invalid authentication.. ...because fREd needs to log in this way... connect 'jdbc:derby:memory:db;user=fREd;password=fREdPassword'; For both FRED and fREd, VALUES CURRENT_USER will return FRED. It looks like the user names are not normalized until they are mapped to their respective authorization identifiers. And when they differ only in casing, they both map to the same identifier, even though they are two different users with different passwords. If NATIVE had done the same thing, having case-sensitive user name parameters in the SYSCS_UTIL procedures would be less confusing, I think, as it would be consistent with how user names are handled in the URL and in the methods DriverManager.getConnection(url, user, pass) DataSource.getConnection(user, pass) ConnectionPoolDataSource.getPooledConnection(user, pass) XADataSource.getXAConnection(user, pass) I'm not sure how much sense it makes to support user names that only differ in casing, like BUILTIN does, so I wouldn't object to NATIVE refusing to add both FRED and fREd in the same database. Mapping multiple users to the same authorization identifier definitely is confusing, and I doubt that anyone is (intentionally) depending on that feature. -- Knut Anders