[
https://issues.apache.org/jira/browse/DERBY-3673?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dag H. Wanvik updated DERBY-3673:
---------------------------------
Attachment: derby-3673-5.diff
Uploading a javadoc patch, committed as svn 692179.
> Add checks that a new role isn't already a user authorization id
> ----------------------------------------------------------------
>
> Key: DERBY-3673
> URL: https://issues.apache.org/jira/browse/DERBY-3673
> Project: Derby
> Issue Type: Sub-task
> Components: SQL
> Reporter: Dag H. Wanvik
> Assignee: Dag H. Wanvik
> Fix For: 10.5.0.0
>
> Attachments: derby-3673-1.diff, derby-3673-1.diff, derby-3673-1.stat,
> derby-3673-2.diff, derby-3673-2.stat, derby-3673-3.diff,
> derby-3673-3a-javadoc_fixes.diff, derby-3673-4.diff, derby-3673-5.diff
>
>
> Derby current does not have dictionary information about legal users.
> Authentication is configurable as being derby internal, LDAP based, or
> user supplied.
> SQL specifies that user ids and role names go in the same namespace
> (authorization ids). Therefore, at role creation time, a new role
> name should be checked against legal users for this database, and be
> defined if there is already a user id by that name.
> Unfortunately, since there is currently no reliable dictionary
> information about legal users, the best we can do presently is perform
> heuristic checks that a proposed role id is not already a user id.
> Since the check can not not reliable, we should also add a check to
> prohibit conncting with a user id that is a known role id.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
