[ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466566 ]
Rick Hillegas commented on DERBY-2206:
--------------------------------------
At this point, we are talking about an API which diverges from the SQL standard
in several ways:

A) Jar ids, which are mandatory in SQL, are optional for us.
B) We have invented a pseudo-jar SYS.ENV, which does not appear in SQL.
C) We cannot preserve the derby.database.classpath search order without
breaking the rules for the jar-specific classpath set by SQLJ.ALTER_JAVA_PATH.

I have two misgivings:

1) I am worried that we will confuse both ourselves and our customers with an
API which is neither the SQL standard nor the old, familiar Cloudscape API.
2) I am worried that we have not stepped back and discussed the customer
experience in terms of upgrade expectations and default, out-of-the-box
behavior.

Right now, I'd like to get some clarity on issue (2). Are we expecting any of
the following:

i) That Derby will be secure-by-default? Or is routine-security something you
have to explicitly opt into?
ii) That users upgrading to 10.3 won't have to change their applications?
> Provide complete security model for Java routines
> -------------------------------------------------
>
> Key: DERBY-2206
> URL: https://issues.apache.org/jira/browse/DERBY-2206
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
> Fix For: 10.3.0.0
>
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for
> user-created objects such as Functions and Procedures. In the future this may
> include Aggregates and Function Tables also. The issues are summarized on the
> following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This
> is a master JIRA to which subtasks can be linked.