Martin Zaun wrote:

[EMAIL PROTECTED] wrote:
Daniel John Debrunner <[EMAIL PROTECTED]> writes:

[EMAIL PROTECTED] wrote:

Here is the current status (based on what I know):

Feature                  Status
--------------------------------------------------
System privileges        On track
Have you any more information on the state of this?

a) The latest patch, just published, addresses the J2ME/CDC failures;
   I hope this blocking issue is resolved, but we probably want to
   wait for some confirming J2ME/CDC test results.   I'm not aware of
   other, major objections, and it was suggested to handle follow-up
   and polishing items in a separate JIRA.

The format of SystemPrincipal identifiers in policy files (and as the argument to SystemPrincipal's constructor) does not match what a technical discussion in DERBY-2109 decided, see DERBY-3477. This is due to an unforeseen limitation in the way the Java security implementation handles Principal names in policy files. The resulting format implemented by the patch does not really make sense (not the implementor's fault, it's due to the limitation) and will be hard to explain to users (connection requests that lead to identical database identifiers end up with different permissions). An implementation cannot be driving a format that is security critical and part of Derby's public API. In addition, in trying to work around the format limitations a security hole has been introduced (I'll add details to DERBY-3477).

Then the addition of JMX using system permissions has led to the realization that the names don't match the expected format for permissions in terms of "name" (object the permission applies to) and "actions" (actions on that object). This can often happen when a single use of an object is expanded.

So while I think there are no major objections to the current patch (I haven't looked at v12 yet), I don't think the remaining items should be seen as just polishing, and thus they may take some amount of effort including some design. I see the current patch as a great step forward, but somewhat flawed, but it provides a framework to proceed.

Thus while the work done specifically in DERBY-2109 may be near to completion, its sub-tasks and related issues may not be and I think those need to be completed before a release. Mainly because they are both defining public APIs and are security related, both things that we as a community should try to get right, thus not having to deal with changing formats and backwards compatibility later.

Dan.

