You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/10/30 01:12:50 UTC

[jira] Created: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information

SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
------------------------------------------------------------------------------------------------------------------------------------

                 Key: DERBY-3160
                 URL: https://issues.apache.org/jira/browse/DERBY-3160
             Project: Derby
          Issue Type: Bug
          Components: Security, SQL
    Affects Versions: 10.3.1.4, 10.4.0.0
            Reporter: Daniel John Debrunner
            Assignee: Daniel John Debrunner
            Priority: Minor


VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if the user name needs to be a delimited identifier when used in a SQL statement such as GRANT. E.g. user fred@derby.com, 123 etc.

Passing the user name as a VARCHAR also returns the wrong user for such user names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information

Posted by "Daniel John Debrunner (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/DERBY-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel John Debrunner resolved DERBY-3160.
------------------------------------------

       Resolution: Fixed
    Fix Version/s: 10.4.0.0

Revision 590720 (trunk) fixes this.

> SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3160
>                 URL: https://issues.apache.org/jira/browse/DERBY-3160
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.3.1.4, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Assignee: Daniel John Debrunner
>            Priority: Minor
>             Fix For: 10.4.0.0
>
>
> VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if the user name needs to be a delimited identifier when used in a SQL statement such as GRANT. E.g. user fred@derby.com, 123 etc.
> Passing the user name as a VARCHAR also returns the wrong user for such user names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-3160) SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information

Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/DERBY-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579667#action_12579667 ] 

Kathey Marsden commented on DERBY-3160:
---------------------------------------

I wonder if this issue should be marked Existing Application Impact, since it required 
all the SYSCS_GET_USER_ACCESS  and SYSCS_SET_USER_ACCESS calls to use 
upper case in the test.

> SYSCS_GET_USER_ACCESS incorrectly treats the passed in user name as a SQL identifier and thus can reports the wrong user information
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3160
>                 URL: https://issues.apache.org/jira/browse/DERBY-3160
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.3.1.4, 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Assignee: Daniel John Debrunner
>            Priority: Minor
>             Fix For: 10.4.0.0
>
>
> VALUES SYSCS_GET_USER_ACCESS(CURRENT_USER) will report the wrong user information if the user name needs to be a delimited identifier when used in a SQL statement such as GRANT. E.g. user fred@derby.com, 123 etc.
> Passing the user name as a VARCHAR also returns the wrong user for such user names.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.