Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/02/01 21:16:06 UTC

[jira] Commented: (DERBY-2206) Provide complete security model for Java routines

    [ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12469570 ] 

Daniel John Debrunner commented on DERBY-2206:
----------------------------------------------

> I'm afraid I don't see the need for maintaining two independent ways to manage java routine security.

But I think you are proposing two different security mechanisms.

I think you are proposing that if I have a jar file then I can control USAGE on it with GRANT/REVOKE but also USAGE can be given to others without my knowledge by the dbo granting the right to set the derby.database.classpath property.

I'm saying that if I have a jar file then I control USAGE on it purely with GRANT/REVOKE.

Seems to me the former is more confusing. All I'm proposing is an extension of the existing GRANT USAGE behaviour, namely USAGE on the jar must be granted to PUBLIC in order to use the jar in the public derby.database.classpath.

I also think that security needs to be designed by what is possible for any user to do, not just what is recommended.
While it's a clever technique to allow per-property setting to be granted to individuals, it is possible and thus must be taken into account by security-related changes. In addition, the very concept of definer invoked routines is designed for this type of restricted access, so I can't see it as a "sneaky way to subvert security". And at some point Derby will support such routines, so designing with those in mind I would say is a good approach.



> Provide complete security model for Java routines
> -------------------------------------------------
>
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for user-created objects such as Functions and Procedures. In the future this may include Aggregates and Function Tables also. The issues are summarized on the following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity. Plugin management can be tracked by this JIRA rather than by DERBY-2109. This is a master JIRA to which subtasks can be linked.
