[jira] Commented: (DERBY-2109) System privileges

Myrna van Lunteren (JIRA) Thu, 28 Feb 2008 11:23:00 -0800

    [ 
https://issues.apache.org/jira/browse/DERBY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573411#action_12573411
 ]


Myrna van Lunteren commented on DERBY-2109:
-------------------------------------------

When a new patch with a fix for J2ME is available, I'll  be happy to run again, 
but my results with patch 10 are that for derbyall, only 5 tests passed, for 
suites.All, 113 tests failed (didn't run suites.All with jars, only classes).
For reference, here's a stack example, from lang/locktable.sql's derby.log

java.lang.NoClassDefFoundError: javax.security.auth.Subject
        at 
org.apache.derby.iapi.security.SecurityUtil.createSystemPrincipalSubject(SecurityUtil.java:112)
        at 
org.apache.derby.iapi.security.SecurityUtil.checkDatabaseCreatePermission(SecurityUtil.java:255)
        at 
org.apache.derby.impl.jdbc.EmbedConnection.createDatabase(EmbedConnection.java:2259)
        at 
org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:351)
        at 
org.apache.derby.jdbc.Driver169.getNewEmbedConnection(Driver169.java:57)
        at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:240)
        at 
org.apache.derby.jdbc.EmbeddedSimpleDataSource.getConnection(EmbeddedSimpleDataSource.java:406)
        at 
org.apache.derby.jdbc.EmbeddedSimpleDataSource.getConnection(EmbeddedSimpleDataSource.java:373)
        at java.lang.reflect.AccessibleObject.invokeL(AccessibleObject.java:213)
        at java.lang.reflect.Method.invoke(Method.java:272)
        at 
org.apache.derby.impl.tools.ij.util.getDataSourceConnection(util.java:426)
        at org.apache.derby.impl.tools.ij.util.startJBMS(util.java:516)
        at org.apache.derby.impl.tools.ij.util.startJBMS(util.java:585)
        at 
org.apache.derby.impl.tools.ij.ConnectionEnv.init(ConnectionEnv.java:64)
        at 
org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(utilMain.java:165)
        at org.apache.derby.impl.tools.ij.Main.<init>(Main.java:230)
        at org.apache.derby.impl.tools.ij.Main.getMain(Main.java:193)
        at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:178)
        at org.apache.derby.impl.tools.ij.Main.main(Main.java:73)
        at org.apache.derby.tools.ij.main(ij.java:59)

> System privileges
> -----------------
>
>                 Key: DERBY-2109
>                 URL: https://issues.apache.org/jira/browse/DERBY-2109
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 10.3.1.4
>            Reporter: Rick Hillegas
>            Assignee: Martin Zaun
>         Attachments: DERBY-2109-02.diff, DERBY-2109-02.stat, 
> derby-2109-03-javadoc-see-tags.diff, DERBY-2109-04.diff, DERBY-2109-04.stat, 
> DERBY-2109-05and06.diff, DERBY-2109-05and06.stat, DERBY-2109-07.diff, 
> DERBY-2109-07.stat, DERBY-2109-08.diff, DERBY-2109-08.stat, 
> DERBY-2109-08_addendum.diff, DERBY-2109-08_addendum.stat, DERBY-2109-09.diff, 
> DERBY-2109-09.stat, DERBY-2109-10.diff, DERBY-2109-10.stat, 
> DERBY-2109-11.diff, DERBY-2109-11.stat, SystemPrivilegesBehaviour.html, 
> systemPrivs.html, systemPrivs.html, systemPrivs.html, systemPrivs.html
>
>
> Add mechanisms for controlling system-level privileges in Derby. See the 
> related email discussion at 
> http://article.gmane.org/gmane.comp.apache.db.derby.devel/33151.
> The 10.2 GRANT/REVOKE work was a big step forward in making Derby more  
> secure in a client/server configuration. I'd like to plug more client/server 
> security holes in 10.3. In particular, I'd like to focus on  authorization 
> issues which the ANSI spec doesn't address.
> Here are the important issues which came out of the email discussion.
> Missing privileges that are above the level of a single database:
> - Create Database
> - Shutdown all databases
> - Shutdown System
> Missing privileges specific to a particular database:
> - Shutdown that Database
> - Encrypt that database
> - Upgrade database
> - Create (in that Database) Java Plugins (currently  Functions/Procedures, 
> but someday Aggregates and VTIs)
> Note that 10.2 gave us GRANT/REVOKE control over the following  
> database-specific issues, via granting execute privilege to system  
> procedures:
> Jar Handling
> Backup Routines
> Admin Routines
> Import/Export
> Property Handling
> Check Table
> In addition, since 10.0, the privilege of connecting to a database has been 
> controlled by two properties (derby.database.fullAccessUsers and 
> derby.database.defaultConnectionMode) as described in the security section of 
> the Developer's Guide (see 
> http://db.apache.org/derby/docs/10.2/devguide/cdevcsecure865818.html).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2109) System privileges

Reply via email to