[ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467875 ]
Daniel John Debrunner commented on DERBY-2206:
----------------------------------------------
I don't think we should require sqlAuthorization in order to run the network
server by default with a security manager.

I think the non-grant/revoke setup is still secure, just a different approach,
one that trusts all authenticated users.

Maybe there are some security holes you are thinking of for client server in
this mode?

I think the ability to use Java routines with entry points directly against
classpath or JRE classes should continue to be allowed in SQL authorization
mode, with the security enhancement that requires setting
derby.database.classpath.

> Provide complete security model for Java routines
> -------------------------------------------------
>
> Key: DERBY-2206
> URL: https://issues.apache.org/jira/browse/DERBY-2206
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for
> user-created objects such as Functions and Procedures. In the future this may
> include Aggregates and Function Tables also. The issues are summarized on the
> following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This
> is a master JIRA to which subtasks can be linked.