You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/07/05 19:11:04 UTC

[jira] Commented: (DERBY-2893) INSERT and UPDATES succeed when permission has not been granted.

    [ https://issues.apache.org/jira/browse/DERBY-2893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12510407 ] 

Daniel John Debrunner commented on DERBY-2893:
----------------------------------------------

Doing a little investigation on this seems to show the problem does not exist on 10.3. I merged up the test changes for GrantRevokeTest and uncommented the asserts and the test passes there. Will investigate some more before commiting those changes.

> INSERT and UPDATES succeed when permission has not been granted.
> ----------------------------------------------------------------
>
>                 Key: DERBY-2893
>                 URL: https://issues.apache.org/jira/browse/DERBY-2893
>             Project: Derby
>          Issue Type: Bug
>          Components: Security, SQL
>    Affects Versions: 10.4.0.0
>            Reporter: Daniel John Debrunner
>            Priority: Critical
>
> GrantRevokeTest had assert methods (assertInsertPrivilege etc.) of the form
> try {
>    s.execute(command)
> } catch (SQLException sqle)
> {
>        if (!hasPrivilege) 
>             assertSQLState("42502", e);
>        else
>              fail(...);
> }
> Note that no fail() assert was in the try portion after the SQL execution. The statement should not work if hasPrivilege is false, but the test will incorrectly pass if the statement succeeds. I added fail asserts with revision 552922 like:
> if (!hasPrivilege)
>        fail("expected no INSERT permission on table");
> but these two for INSERT and UPDATE caused the test to fail (about 6 fixtures fail) indicating that the statement succeeds even if the permission is not granted.
> It could be a test problem but needs some investigation.
> The asserts for assertInsertPrivilege and asserUpdatePrivilege are commented out to stop the test failing.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.