[
https://issues.apache.org/jira/browse/DERBY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12463439
]
Rick Hillegas commented on DERBY-2109:
--------------------------------------
Thanks for the quick feedback, Dan. A couple responses follow:
1) The camel-case permission names you suggest are fine by me.
2) You're right, FilePermission is final so it can't be extended directly. The
intention was to re-use its implies() logic, but that can be done via other
means.
3) I split the Derby permission into 2 classes due to an inordinate fondness
for modelling this on java.security.BasicPermission. I can abandon this
attachment to BasicPermission in favor of something like this:
permission org.apache.derby.security.SystemPermission "shutdownEngine";
permission org.apache.derby.security.SystemPermission
"${derby.system.home}${/}accountingDBA" "createDatabase";
4) This spec does not cover and define the work for DERBY-2196. A separate spec
has to be written for that JIRA. For the moment, let's imagine a spec for
DERBY-2196 which follows the outlines of the wiki page linked from that issue.
This spec (for DERBY-2109) then adds a delta on top of DERBY-2196: the addition
of the Derby SystemPermissions to the Basic policy.
> System privileges
> -----------------
>
> Key: DERBY-2109
> URL: https://issues.apache.org/jira/browse/DERBY-2109
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Affects Versions: 10.3.0.0
> Reporter: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: systemPrivs.html, systemPrivs.html
>
>
> Add mechanisms for controlling system-level privileges in Derby. See the
> related email discussion at
> http://article.gmane.org/gmane.comp.apache.db.derby.devel/33151.
> The 10.2 GRANT/REVOKE work was a big step forward in making Derby more
> secure in a client/server configuration. I'd like to plug more client/server
> security holes in 10.3. In particular, I'd like to focus on authorization
> issues which the ANSI spec doesn't address.
> Here are the important issues which came out of the email discussion.
> Missing privileges that are above the level of a single database:
> - Create Database
> - Shutdown all databases
> - Shutdown System
> Missing privileges specific to a particular database:
> - Shutdown that Database
> - Encrypt that database
> - Upgrade database
> - Create (in that Database) Java Plugins (currently Functions/Procedures,
> but someday Aggregates and VTIs)
> Note that 10.2 gave us GRANT/REVOKE control over the following
> database-specific issues, via granting execute privilege to system
> procedures:
> Jar Handling
> Backup Routines
> Admin Routines
> Import/Export
> Property Handling
> Check Table
> In addition, since 10.0, the privilege of connecting to a database has been
> controlled by two properties (derby.database.fullAccessUsers and
> derby.database.defaultConnectionMode) as described in the security section of
> the Developer's Guide (see
> http://db.apache.org/derby/docs/10.2/devguide/cdevcsecure865818.html).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
