db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-3146) Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
Date Thu, 21 Mar 2013 07:09:15 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13608712#comment-13608712

Dag H. Wanvik commented on DERBY-3146:

We don't usually backport functional changes/improvements to old branches, only bug fixes.
If you need these changes, you could always consider building it yourself. I just checked
and it merges cleanly to the head of the 10.8 branch (check that out first [1]) as

svn merge -c 1336775 https://svn.apache.org/repos/asf/db/derby/code/trunk

[1] svn checkout https://svn.apache.org/repos/asf/db/derby/code/branches/10.8

> Adjust length restriction on user identifiers (authorization ids) to same as other identifiers
> ----------------------------------------------------------------------------------------------
>                 Key: DERBY-3146
>                 URL: https://issues.apache.org/jira/browse/DERBY-3146
>             Project: Derby
>          Issue Type: Improvement
>          Components: JDBC, SQL
>    Affects Versions:,,,,,,,,,,,,,,,,,,,
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>            Priority: Minor
>             Fix For:
>         Attachments: DERBY-3146.diff, DERBY-3146.stat
> While working on roles, I notice that there is a max size of 30 on
> user ids in derby (authorization identifiers), e.g. the check being
> performed in the parser:
> private void checkAuthorizationLength( String authorization)
> :
>    checkIdentifierLengthLimit( authorization, Limits.DB2_MAX_USERID_LENGTH);
> :
> where Limits.DB2_MAX_USERID_LENGTH == 30. I have checked, and I don't
> think there are any fundamental reasons why Derby can't lift this DB2
> restriction: Then authorization identifiers would have the same max
> limit as other identifiers: 128 (Limits.MAX_IDENTIFIER_LENGTH).
> Currently, this limit of 30 is enforced for GRANT/REVOKE, i.e. for the
> grantees.
> However, in the CREATE SCHEMA statement, the clause
>          AUTHORIZATION <authorization identifier>
> which allows specifying a schema's owner, is *not* subject to this
> restriction. This is also reflected in the reference documentation for
> system tables:
> Column Name 	Type 	Length 	Nullability 	Contents
> -------------------------------------------------------------------
> AUTHORIZATIONID VARCHAR 128     false           the authorization
>                                                 identifier of the
>                                                 owner of the schema  
> Column Name 	Type 	Length 	Nullability 	Contents
> -------------------------------------------------------------------
> GRANTEE 	VARCHAR 30 	False 	        The authorization ID
>                                                 of the user to whom
>                                                 the privilege is
>                                                 granted.  
> Furthermore, the limit is enforced in the authorizer code
> (AuthorizationServiceBase#authenticate). It is also reflected in the
> metadata: EmbedDatabaseMetaData#getMaxUserNameLength.
> I think it would be good to harmonize these two different limits for
> authorization identifier and change the limit to 128

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message