You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2007/04/03 19:52:32 UTC

[jira] Updated: (DERBY-2264) Restrict shutdown, upgrade, and encryption powers to the database owner

     [ https://issues.apache.org/jira/browse/DERBY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-2264:
---------------------------------

    Attachment: DERBY-2264-7.stat
                DERBY-2264-7.diff

This patch, DERBY-2264-7.*, adds checking database owner checking for
the hard upgrade operation as specified in
the attached dbaPowers.html.

With this patch, the hard upgrade operation now also uses the two
phased boot procedure introduced for the encryption case of this
issue: First a plain boot is performed to check the credentials, is
this succeeds, the database is shut down and rebooted with the
upgrade=true attribute.

A new fixture has been added to DbaPowersTest.java to test the
credentials checking. Note that while this exercises the checking
code, a hard upgrade is never actually performed, since store ignores
the upgrade flag when the underlying database is already of the same
version as the codebase (AFAIK there is no straight forward way right
now to get a database produced by another version of Derby in the
existing junit framework). 

I did verify the upgrade checking behavior manually using 10.2/10.3
databases.

If others think this is required or a good idea, I may try to extend
the upgradeTests/_Suite.java test with positive and negative test case
fixtures to really verify hard upgrade when credentials are
accepted/rejected.

derbyall and suites.All ran without incident on Solaris 10/x86, Sun
JDK 1.6 with the patch applied on svn revision 524545 running from
classes, sane build.


> Restrict shutdown, upgrade, and encryption powers to the database owner
> -----------------------------------------------------------------------
>
>                 Key: DERBY-2264
>                 URL: https://issues.apache.org/jira/browse/DERBY-2264
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>         Assigned To: Dag H. Wanvik
>         Attachments: dbaPowers.html, dbaPowers.html, DERBY-2264-1.diff, DERBY-2264-1.stat, DERBY-2264-2.diff, DERBY-2264-2.stat, DERBY-2264-3.diff, DERBY-2264-3.stat, DERBY-2264-4.diff, DERBY-2264-4.stat, DERBY-2264-5.diff, DERBY-2264-5.stat, DERBY-2264-6.diff, DERBY-2264-6.stat, DERBY-2264-6b.diff, DERBY-2264-6b.stat, DERBY-2264-7.diff, DERBY-2264-7.stat, encrypt-1b.sql, encrypt-2.sql, encrypt-3.sql
>
>
> This JIRA separates out the database-owner powers from the system privileges in the master security JIRA DERBY-2109. Restrict the following powers to the database owner for the moment: shutdown, upgrade, and encryption.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.