You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/10/30 01:12:50 UTC
[jira] Created: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly
treats the passed in user name as a SQL identifier and thus can reports the
wrong user information
SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
------------------------------------------------------------------------------------------------------------------------------------
Key: DERBY-3160
URL: https://issues.apache.org/jira/browse/DERBY-3160
Project: Derby
Issue Type: Bug
Components: Security, SQL
Affects Versions: 10.3.1.4, 10.4.0.0
Reporter: Daniel John Debrunner
Assignee: Daniel John Debrunner
Priority: Minor
VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if the user name needs to be a delimited identifier when used in a SQL statement such as GRANT. E.g. user fred@derby.com, 123 etc.
Passing the user name as a VARCHAR also returns the wrong user for such user names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly
treats the passed in user name as a SQL identifier and thus can reports the
wrong user information
Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel John Debrunner resolved DERBY-3160.
------------------------------------------
Resolution: Fixed
Fix Version/s: 10.4.0.0
Revision 590720 (trunk) fixes this.
> SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3160
> URL: https://issues.apache.org/jira/browse/DERBY-3160
> Project: Derby
> Issue Type: Bug
> Components: Security, SQL
> Affects Versions: 10.3.1.4, 10.4.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.4.0.0
>
>
> VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if the user name needs to be a delimited identifier when used in a SQL statement such as GRANT. E.g. user fred@derby.com, 123 etc.
> Passing the user name as a VARCHAR also returns the wrong user for such user names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly
treats the passed in user name as a SQL identifier and thus can reports the
wrong user information
Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579667#action_12579667 ]
Kathey Marsden commented on DERBY-3160:
---------------------------------------
I wonder if this issue should be marked Existing Application Impact, since it required
all the SYSCS_GET_USER_ACCESS and SYSCS_SET_USER_ACCESS calls to use
upper case in the test.
> SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3160
> URL: https://issues.apache.org/jira/browse/DERBY-3160
> Project: Derby
> Issue Type: Bug
> Components: Security, SQL
> Affects Versions: 10.3.1.4, 10.4.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.4.0.0
>
>
> VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if the user name needs to be a delimited identifier when used in a SQL statement such as GRANT. E.g. user fred@derby.com, 123 etc.
> Passing the user name as a VARCHAR also returns the wrong user for such user names.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.