Rick Hillegas wrote:
Daniel John Debrunner wrote:
Dag H. Wanvik wrote:
Hi,
Stanley Bradbury <[EMAIL PROTECTED]> writes:
I feel strongly that the restrictions implemented by DERBY-2264 must
be tied to sqlAuthorization (or a new property of its own) being
turned on. The restrictions need to be optional at upgrade otherwise
I understand your concerns. I addressed the upgrade issue several
times in the discussion of this issue, but felt the community
preferred the semantics which are currently implemented, landing on
the side of a sensible secure-by-default behavior. Options:
Was there any discussion outside of comments in DERBY-2264? I looked
in the archives but couldn't see any between 2007/02/13 and
2007/02/20. I picked that date range because on 02/20 you said in
DERBY-2264
"Right, it seems both Dan and Rick are less concerned than me about the
compatibility here issue, so I rest my case. "
That was the first comment since 02/13, however, I don't see how my
single comment in DERBY-2264 could lead you to that conclusion, I
thought it was just factual about authentication states. I'm sure
there must have been a discussion elsewhere, but I can't find it at
the moment.
Dan.
I don't see any other discussion beyond what appears in DERBY-2264. I
like Dag's original proposal that we should restrict DBO powers only
if both authentication and authorization are enabled. I don't like the
idea of adding another security knob for this.
Maybe the thread "Q: Should Derby 10.3 be Derby 11?" raised by Bernt is
what people are thinking of......
/Ståle
Regards,
-Rick