You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2008/05/14 14:57:55 UTC
[jira] Commented: (DERBY-3673) Add checks that a new role isn't
already a user authorization id
[ https://issues.apache.org/jira/browse/DERBY-3673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596750#action_12596750 ]
Dag H. Wanvik commented on DERBY-3673:
--------------------------------------
The test for exisiting user should probably ignore builtin users defined
at the system level when derby.database.propertiesOnly is true.
Will make that change.
> Add checks that a new role isn't already a user authorization id
> ----------------------------------------------------------------
>
> Key: DERBY-3673
> URL: https://issues.apache.org/jira/browse/DERBY-3673
> Project: Derby
> Issue Type: Sub-task
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3673-1.diff, derby-3673-1.diff, derby-3673-1.stat
>
>
> Derby current does not have dictionary information about legal users.
> Authentication is configurable as being derby internal, LDAP based, or
> user supplied.
> SQL specifies that user ids and role names go in the same namespace
> (authorization ids). Therefore, at role creation time, a new role
> name should be checked against legal users for this database, and be
> defined if there is already a user id by that name.
> Unfortunately, since there is currently no reliable dictionary
> information about legal users, the best we can do presently is perform
> heuristic checks that a proposed role id is not already a user id.
> Since the check can not not reliable, we should also add a check to
> prohibit conncting with a user id that is a known role id.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.