[Firebird-devel] [FB-Tracker] Created: (CORE-6247) Presence of 'WITH CHECK OPTION' in a view DDL disallows UPDATE statement if user has been granted to update some (NOT ALL) columns of this view

2020-02-14 Thread Pavel Zotov (JIRA)
Presence of 'WITH CHECK OPTION' in a view DDL disallows UPDATE statement if 
user has been granted to update some (NOT ALL) columns of this view
---

 Key: CORE-6247
 URL: http://tracker.firebirdsql.org/browse/CORE-6247
 Project: Firebird Core
  Issue Type: Bug
  Components: Engine, Security
Affects Versions: 3.0.5, 2.5.9, 4.0 Beta 1
Reporter: Pavel Zotov


Consider scenario:
1) create table with three columns (PK and two for 'user-values');

2) create two views on this table:
2.1) first view is trivial, one-to-one;
2.2) second view is almost the same but we add 'WITH CHECK OPTION' to its DDL

3) create non-privileged user 'foo' who is given access to:
3.1) select all columns from both views;
3.2) update only columns which store 'user-values', i.e. except PK (also in 
both views).

UPDATE statement against view which was declared using WITH CHECK OPTION will 
fail with:

Statement failed, SQLSTATE = 28000
no permission for update/write access to COLUMN V_TEST2.ID



This is the script to reproduce:

connect 'localhost:employee' user sysdba password 'masterkey';
set term ^;
execute block as
begin
begin
execute statement 'drop user foo' with autonomous transaction;
when any do begin end
end
end^
set term ;^
commit;
 
create user foo password 'bar';
commit;
recreate view v_test1 as select 1 d from rdb$database;
recreate view v_test2 as select 1 d from rdb$database;
commit;
recreate table test(id int, x int, y int);
commit;
 
recreate view v_test1 as select * from test ;
recreate view v_test2 as select * from test where 1=1 with check option;
commit;


grant select on v_test1 to user foo;
grant select on v_test2 to user foo;
grant update (x, y) on v_test1 to user foo;
grant update (x, y) on v_test2 to user foo;
-- grant update on v_test2 to user foo; - [ 1 ]
commit;
 
insert into test(id) values(1);
commit;
 
connect 'localhost:employee' user foo password 'bar';

set echo on;

update v_test1 set x = 1, y = 2 where id = 1;

select * from v_test1;
rollback;

update v_test2 set x = 1, y = 2 where id = 1;

select * from v_test2;


PS.

Note the line which is marked as "[ 1 ]".
If we replace "grant update (x, y) on v_test2 to user foo" with this, all works 
fine.
So, it seems that the presence of COLUMN NAMES in the GRANT statement can affect the 
result.


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira




Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
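
Added example, not part of the original report and not Firebird project code: a metadata query an administrator could run to list per-column UPDATE grants on views declared WITH CHECK OPTION, the combination the report above describes. It assumes that the check-option triggers of a view are stored in RDB$TRIGGERS with RDB$SYSTEM_FLAG = 5.

```sql
-- Added example (not from the report): find per-column UPDATE grants on
-- views declared WITH CHECK OPTION, the combination described in CORE-6247.
-- Assumption: the engine records a view's check-option triggers in
-- RDB$TRIGGERS with RDB$SYSTEM_FLAG = 5.
select
    trim(p.rdb$relation_name)          as view_name,
    trim(p.rdb$user)                   as grantee,
    list(trim(p.rdb$field_name), ', ') as update_columns
from rdb$user_privileges p
join rdb$relations r
  on r.rdb$relation_name = p.rdb$relation_name
where p.rdb$privilege = 'U'                 -- UPDATE privilege
  and p.rdb$field_name is not null          -- granted per column
  and r.rdb$view_blr is not null            -- relation is a view
  and exists (                              -- view has WITH CHECK OPTION
        select 1
        from rdb$triggers t
        where t.rdb$relation_name = r.rdb$relation_name
          and t.rdb$system_flag = 5)
  and not exists (                          -- no whole-view UPDATE grant
        select 1
        from rdb$user_privileges w
        where w.rdb$relation_name = p.rdb$relation_name
          and w.rdb$user = p.rdb$user
          and w.rdb$privilege = 'U'
          and w.rdb$field_name is null)
group by 1, 2
order by 1, 2;
```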


Re: [Firebird-devel] Web site cert issue

2020-02-14 Thread Sergey Mereutsa
Hi!

I solved this issue by adding a certificate with a longer lifetime - just
need to put a reminder to reissue it next year :)



--
Best regards,
 Sergey  mailto:s...@dqteam.com



On Fri, 14 Feb 2020 at 19:33, Adriano dos Santos Fernandes <
adrian...@gmail.com> wrote:

> On 14/02/2020 13:13, Lester Caine wrote:
> >
> >
> > That said, letsencrypt can't be relied on to complete a renewal cycle
> > ... I've just had to manually clean up some certs myself so you have to
> > keep on top of every one :(
> >
>
> It always worked where I set up automatic renewal.
>
>
> Adriano


Re: [Firebird-devel] Web site cert issue

2020-02-14 Thread Lester Caine

On 14/02/2020 12:28, Dimitry Sibiryakov wrote:


> What on this site requires encryption is still an open question.


Being forced to add certificates to all my client sites simply to stop 
Google and browsers complaining that they are 'insecure', I agree with 
your comment on sites full of open data, but things have progressed to a 
point where NOT using HTTPS is virtually impossible without other aggro.


That said, letsencrypt can't be relied on to complete a renewal cycle 
... I've just had to manually clean up some certs myself so you have to 
keep on top of every one :(


--
Lester Caine - G8HFL
-
Contact - https://lsces.uk/wiki/Contact
L.S.Caine Electronic Services - https://lsces.uk
Model Engineers Digital Workshop - https://medw.uk
Rainbow Digital Media - https://rainbowdigitalmedia.uk




Re: [Firebird-devel] Web site cert issue

2020-02-14 Thread Mark Rotteveel

On 14-02-2020 13:28, Dimitry Sibiryakov wrote:

> 14.02.2020 13:25, Mark Rotteveel wrote:
>> In any case, it has been fixed. As far as I understand, the certbot 
>> didn't restart the site after renewing the certificate causing it to 
>> continue to use the old certificate.
>
> What on this site requires encryption is still an open question.


It protects against man-in-the-middle tampering (like access providers 
injecting ads) (and other benefits, see 
https://snyk.io/blog/10-reasons-to-use-https/), and because of those 
benefits, search engines give pages with HTTPS a higher score.


Contrary to your opinion, HTTPS by default is the new normal, and HTTP 
(or only HTTP) is the oddity.


Mark

PS: It is high time that the tracker also gets HTTPS, but given the 
ancient version of Jira it's using, I'm not sure if that is an option.

--
Mark Rotteveel




Re: [Firebird-devel] Web site cert issue

2020-02-14 Thread Sergey Mereutsa
Hi!

It is fixed already :)



--
Best regards,
 Sergey  mailto:s...@dqteam.com



On Fri, 14 Feb 2020 at 14:01, Scott Morgan via Firebird-devel <
firebird-devel@lists.sourceforge.net> wrote:

> Not sure if this is the right list for it, but the
> https://firebirdsql.org/ cert has expired.
>
> Somebody needs to kick the Let's Encrypt updater?
>
> Scott


Re: [Firebird-devel] Web site cert issue

2020-02-14 Thread Dimitry Sibiryakov

14.02.2020 13:25, Mark Rotteveel wrote:
> In any case, it has been fixed. As far as I understand, the certbot didn't restart the 
> site after renewing the certificate causing it to continue to use the old certificate.


  What on this site requires encryption is still an open question.


--
  WBR, SD.




Re: [Firebird-devel] Web site cert issue

2020-02-14 Thread Mark Rotteveel

On 14-02-2020 12:45, Scott Morgan via Firebird-devel wrote:

> Not sure if this is the right list for it, but the
> https://firebirdsql.org/ cert has expired.
>
> Somebody needs to kick the Let's Encrypt updater?


The firebird-website list is probably a better venue for it. In any 
case, it has been fixed. As far as I understand, the certbot didn't 
restart the site after renewing the certificate causing it to continue 
to use the old certificate.


Mark
--
Mark Rotteveel




[Firebird-devel] [FB-Tracker] Created: (CORE-6246) [fbclient] Problem with too many number of columns in resultset.

2020-02-14 Thread Kovalenko Dmitry (JIRA)
[fbclient] Problem with too many number of columns in resultset.


 Key: CORE-6246
 URL: http://tracker.firebirdsql.org/browse/CORE-6246
 Project: Firebird Core
  Issue Type: Bug
  Components: API / Client Library
Affects Versions: 3.0.5
Reporter: Kovalenko Dmitry


First query:
 select x1.RDB$FIELD_NAME from RDB$FIELDS as x1

fbclient.dll returns subtype=3 for first column

Second query:
 select x1.RDB$FIELD_NAME, x1.RDB$FIELD_NAME, /* 100500 times */ ,x1.RDB$FIELD_NAME from RDB$FIELDS as x1

fbclient.dll (isc_dsql_describe) returns subtype=0 for first column.

