You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Yip Ng (JIRA)" <de...@db.apache.org> on 2006/08/17 00:18:15 UTC
[jira] Created: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
----------------------------------------------------------------------------------------------------------
Key: DERBY-1708
URL: http://issues.apache.org/jira/browse/DERBY-1708
Project: Derby
Issue Type: Bug
Affects Versions: 10.2.0.0
Environment: Sun JDK 1.4.2
Reporter: Yip Ng
An unprivileged user was able to lock a table for which he/she does not own. e.g.:
ij version 10.2
ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij> create table t1 (i int);
0 rows inserted/updated/deleted
ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
WARNING 01J14: SQL authorization is being used without first enabling authentication.
ij(USER2)> autocommit off;
ij(USER2)> lock table user1.t1 in exclusive mode;
0 rows inserted/updated/deleted
sysinfo:
------------------ Java Information ------------------
Java Version: 1.4.2_12
Java Vendor: Sun Microsystems Inc.
Java home: C:\Program Files\Java\j2re1.4.2_12
Java classpath: derby.jar;derbytools.jar;.
OS name: Windows XP
OS architecture: x86
OS version: 5.1
Java user name: Yip
Java user home: C:\Documents and Settings\Yip
Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
java.specification.name: Java Platform API Specification
java.specification.version: 1.4
--------- Derby Information --------
JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
[C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
[C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
)
------------------------------------------------------
----------------- Locale Information -----------------
Current Locale : [English/United States [en_US]]
Found support for locale: [de_DE]
version: 10.2.1.0 - (430903)
Found support for locale: [es]
version: 10.2.1.0 - (430903)
Found support for locale: [fr]
version: 10.2.1.0 - (430903)
Found support for locale: [it]
version: 10.2.1.0 - (430903)
Found support for locale: [ja_JP]
version: 10.2.1.0 - (430903)
Found support for locale: [ko_KR]
version: 10.2.1.0 - (430903)
Found support for locale: [pt_BR]
version: 10.2.1.0 - (430903)
Found support for locale: [zh_CN]
version: 10.2.1.0 - (430903)
Found support for locale: [zh_TW]
version: 10.2.1.0 - (430903)
------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Rajesh Kartha (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Rajesh Kartha updated DERBY-1708:
---------------------------------
Urgency: Urgent
This issue needs resolution for 10.2, hence bumping the urgency.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Yip Ng reassigned DERBY-1708:
-----------------------------
Assignee: Yip Ng
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Yip Ng updated DERBY-1708:
--------------------------
Attachment: derby1708-trunk-stat01.txt
derby1708-trunk-diff01.txt
Submitting patch derby1708-trunk.diff01.txt for trunk.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Yip Ng updated DERBY-1708:
--------------------------
Attachment: derby1708-10.2-stat01.txt
derby1708-10.2-diff01.txt
Attaching patch for DERBY-1708 for 10.2. The problem is that the lock table statement is missing the logic to collect the required privilege at compilation phase; thus, it fails to enforce the required privilege needed by the statement at execution time. Running derbyall now. The patch is ready for review.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Mike Matrigali (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Mike Matrigali updated DERBY-1708:
----------------------------------
Derby Info: (was: [Patch Available])
patch has been applied to trunk and 10.2, unchecking patch available.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Rick Hillegas (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Rick Hillegas updated DERBY-1708:
---------------------------------
Fix Version/s: 10.2.1.0
Assign to 10.2.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=comments#action_12430441 ]
Yip Ng commented on DERBY-1708:
-------------------------------
Thanks for taking the time to review the patch, Mamta.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Mike Matrigali (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Mike Matrigali updated DERBY-1708:
----------------------------------
it looks like this patch no longer applies as there have been subsequent changes to the grantRevokeddl test, could you submit a new patch:
m3_142:131>patch --dry-run -p0 -i c:/tmp/derby1708-10.2-diff01.txt
patching file `java/engine/org/apache/derby/impl/sql/compile/LockTableNode.java'
patching file `java/testing/org/apache/derbyTesting/functionTests/tests/lang/gra
ntRevokeDDL.sql'
Hunk #1 FAILED at 1782.
1 out of 1 hunk FAILED -- saving rejects to java/testing/org/apache/derbyTesting
/functionTests/tests/lang/grantRevokeDDL.sql.rej
patching file `java/testing/org/apache/derbyTesting/functionTests/master/grantRe
vokeDDL.out'
Hunk #1 FAILED at 2834.
1 out of 1 hunk FAILED -- saving rejects to java/testing/org/apache/derbyTesting
/functionTests/master/grantRevokeDDL.out.rej
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Mike Matrigali (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Mike Matrigali resolved DERBY-1708.
-----------------------------------
Resolution: Fixed
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Mamta A. Satoor (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=comments#action_12430404 ]
Mamta A. Satoor commented on DERBY-1708:
----------------------------------------
I realize that the patch for this jira entry is already committed but just wanted to share that I reviewed the patch and it looks good. Thanks, Yip.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Mike Matrigali (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Mike Matrigali updated DERBY-1708:
----------------------------------
I am looking at building/testing this patch against the trunk, would appreciate at least one other person to review.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=comments#action_12430446 ]
Yip Ng commented on DERBY-1708:
-------------------------------
Thanks for reviewing and committing the patch, Mike.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=comments#action_12429358 ]
Yip Ng commented on DERBY-1708:
-------------------------------
derbyall passes, no new regression introduced with this patch.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Yip Ng updated DERBY-1708:
--------------------------
Derby Info: [Patch Available]
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Mike Matrigali (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Mike Matrigali updated DERBY-1708:
----------------------------------
Fix Version/s: 10.3.0.0
committed to trunk:
m1_142:148>svn commit
Sending java\engine\org\apache\derby\impl\sql\compile\LockTableNode.java
Sending java\testing\org\apache\derbyTesting\functionTests\master\grantRevokeDDL.out
Sending java\testing\org\apache\derbyTesting\functionTests\tests\lang\grantRevokeDDL.sql
Transmitting file data ...
Committed revision 434577.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Rick Hillegas (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=comments#action_12430615 ]
Rick Hillegas commented on DERBY-1708:
--------------------------------------
Ported DERBY-1708 (434577) to 10.2 branch at subversion revision 436929.
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.1.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
> Assigned To: Yip Ng
> Fix For: 10.2.1.0, 10.3.0.0
>
> Attachments: derby1708-10.2-diff01.txt, derby1708-10.2-stat01.txt, derby1708-trunk-diff01.txt, derby1708-trunk-stat01.txt
>
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-1708) Unprivileged user can perform lock
table statement on a table which he/she does not have any access rights
Posted by "Yip Ng (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Yip Ng updated DERBY-1708:
--------------------------
Component/s: SQL
> Unprivileged user can perform lock table statement on a table which he/she does not have any access rights
> ----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-1708
> URL: http://issues.apache.org/jira/browse/DERBY-1708
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.2.0.0
> Environment: Sun JDK 1.4.2
> Reporter: Yip Ng
>
> An unprivileged user was able to lock a table for which he/she does not own. e.g.:
> ij version 10.2
> ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1;
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij> create table t1 (i int);
> 0 rows inserted/updated/deleted
> ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2;
> WARNING 01J01: Database 'wombat' not created, connection made to existing database instead.
> WARNING 01J14: SQL authorization is being used without first enabling authentication.
> ij(USER2)> autocommit off;
> ij(USER2)> lock table user1.t1 in exclusive mode;
> 0 rows inserted/updated/deleted
> sysinfo:
> ------------------ Java Information ------------------
> Java Version: 1.4.2_12
> Java Vendor: Sun Microsystems Inc.
> Java home: C:\Program Files\Java\j2re1.4.2_12
> Java classpath: derby.jar;derbytools.jar;.
> OS name: Windows XP
> OS architecture: x86
> OS version: 5.1
> Java user name: Yip
> Java user home: C:\Documents and Settings\Yip
> Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib
> java.specification.name: Java Platform API Specification
> java.specification.version: 1.4
> --------- Derby Information --------
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903)
> [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - (430903
> )
> ------------------------------------------------------
> ----------------- Locale Information -----------------
> Current Locale : [English/United States [en_US]]
> Found support for locale: [de_DE]
> version: 10.2.1.0 - (430903)
> Found support for locale: [es]
> version: 10.2.1.0 - (430903)
> Found support for locale: [fr]
> version: 10.2.1.0 - (430903)
> Found support for locale: [it]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ja_JP]
> version: 10.2.1.0 - (430903)
> Found support for locale: [ko_KR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [pt_BR]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_CN]
> version: 10.2.1.0 - (430903)
> Found support for locale: [zh_TW]
> version: 10.2.1.0 - (430903)
> ------------------------------------------------------
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira