Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
Great) So we just need to adjust documentation? вс, 9 мая 2021 г. в 20:05, Mark Rotteveel : > > On 09-05-2021 18:38, Roman Simakov wrote: > > Create a ticket, please: drop clauses for procedures, functions and > > packages and inheriting a clause for packages. > > Currently, an alter, create or alter or recreate without a SQL SECURITY > clause will implicitly drop it for procedures, functions and packages, > so I'm not sure those need an explicit drop clause. > > I have also tested it, and packages actually do inherit the SQL SECURITY > from the database. > > Mark > -- > Mark Rotteveel > > > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel -- Roman Simakov Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
On 09-05-2021 18:38, Roman Simakov wrote: Create a ticket, please: drop clauses for procedures, functions and packages and inheriting a clause for packages. Currently, an alter, create or alter or recreate without a SQL SECURITY clause will implicitly drop it for procedures, functions and packages, so I'm not sure those need an explicit drop clause. I have also tested it, and packages actually do inherit the SQL SECURITY from the database. Mark -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
Create a ticket, please: drop clauses for procedures, functions and packages and inheriting a clause for packages. вс, 9 мая 2021 г. в 19:35, Mark Rotteveel : > > On 09-05-2021 18:24, Roman Simakov wrote: > > вс, 9 мая 2021 г. в 19:04, Mark Rotteveel : > >> Does that mean that the ALTER DATABASE SET DEFAULT SQL SECURITY > >> influences all objects without an explicit SQL SECURITY property? > > > > I've checked. It influences tables, functions and procedures. Triggers > > inherit it from tables (which already have it inherited from DB). I'm > > afraid packages do not inherit and it's probably a fault as well. > > Thanks. Will you fix it or create a ticket for it? > > >> I had assumed it would specify the default for creating a new object > >> (similar as SET DEFAULT CHARACTER SET). Can you confirm that assumption > >> was wrong? > > > > Yes. The assumption was wrong. SQL SECURITY DEFINER is default in SQL > > STANDARD. > > ALTER DATABASE SET DEFAULT SQL SECURITY DEFINER makes behaviour standard. > > Clear, thanks. I've updated it in the fblangref40 I'm working on. > > Mark > -- > Mark Rotteveel > > > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel -- Roman Simakov Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
On 09-05-2021 18:24, Roman Simakov wrote: вс, 9 мая 2021 г. в 19:04, Mark Rotteveel : Does that mean that the ALTER DATABASE SET DEFAULT SQL SECURITY influences all objects without an explicit SQL SECURITY property? I've checked. It influences tables, functions and procedures. Triggers inherit it from tables (which already have it inherited from DB). I'm afraid packages do not inherit and it's probably a fault as well. Thanks. Will you fix it or create a ticket for it? I had assumed it would specify the default for creating a new object (similar as SET DEFAULT CHARACTER SET). Can you confirm that assumption was wrong? Yes. The assumption was wrong. SQL SECURITY DEFINER is default in SQL STANDARD. ALTER DATABASE SET DEFAULT SQL SECURITY DEFINER makes behaviour standard. Clear, thanks. I've updated it in the fblangref40 I'm working on. Mark -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
вс, 9 мая 2021 г. в 19:04, Mark Rotteveel : > > On 09-05-2021 17:58, Roman Simakov wrote: > > I guess this was the reason not to implement it. But objects inherit > > SQL SECURITY from the database and it might be useful to drop sql > > security in order to use database default. > > Does that mean that the ALTER DATABASE SET DEFAULT SQL SECURITY > influences all objects without an explicit SQL SECURITY property? I've checked. It influences tables, functions and procedures. Triggers inherit it from tables (which already have it inherited from DB). I'm afraid packages do not inherit and it's probably a fault as well. > I had assumed it would specify the default for creating a new object > (similar as SET DEFAULT CHARACTER SET). Can you confirm that assumption > was wrong? Yes. The assumption was wrong. SQL SECURITY DEFINER is default in SQL STANDARD. ALTER DATABASE SET DEFAULT SQL SECURITY DEFINER makes behaviour standard. -- Roman Simakov Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
On 09-05-2021 18:03, Mark Rotteveel wrote: Does that mean that the ALTER DATABASE SET DEFAULT SQL SECURITY influences all objects without an explicit SQL SECURITY property? I had assumed it would specify the default for creating a new object (similar as SET DEFAULT CHARACTER SET). Can you confirm that assumption was wrong? I tested it, and it specifies the default behaviour for all objects without an explicit SQL SECURITY property. Mark -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
On 09-05-2021 17:58, Roman Simakov wrote: вс, 9 мая 2021 г. в 18:46, Dmitry Yemanov : What is the point in dropping, if AFAIU the legacy (lacking sql security) mode is actually the same as "definer"? I guess this was the reason not to implement it. But objects inherit SQL SECURITY from the database and it might be useful to drop sql security in order to use database default. Does that mean that the ALTER DATABASE SET DEFAULT SQL SECURITY influences all objects without an explicit SQL SECURITY property? I had assumed it would specify the default for creating a new object (similar as SET DEFAULT CHARACTER SET). Can you confirm that assumption was wrong? Mark -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
On 09-05-2021 17:45, Dmitry Yemanov wrote: 09.05.2021 18:25, Roman Simakov wrote: I don't remember why I did so but maybe it's better to allow drop sql security for any object type and remove the wrong statement at all. What is the point in dropping, if AFAIU the legacy (lacking sql security) mode is actually the same as "definer"? For triggers, dropping makes sense because that means they inherit the property from their table. For other types, it doesn't make much sense to me (I was surprised that RDB$SQL_SECURITY in the metadata tables was nullable and defaults to NULL). Mark -- Mark Rotteveel Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
вс, 9 мая 2021 г. в 18:46, Dmitry Yemanov : > What is the point in dropping, if AFAIU the legacy (lacking sql > security) mode is actually the same as "definer"? I guess this was the reason not to implement it. But objects inherit SQL SECURITY from the database and it might be useful to drop sql security in order to use database default. -- Roman Simakov Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
09.05.2021 18:25, Roman Simakov wrote: I don't remember why I did so but maybe it's better to allow drop sql security for any object type and remove the wrong statement at all. What is the point in dropping, if AFAIU the legacy (lacking sql security) mode is actually the same as "definer"? Dmitry Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
Re: [Firebird-devel] Contradiction in SQL SECURITY documentation in Firebird 4 release notes
I don't remember why I did so but maybe it's better to allow drop sql security for any object type and remove the wrong statement at all. вс, 9 мая 2021 г. в 17:07, Mark Rotteveel : > > The 'SQL SECURITY Feature' section of the Firebird 4.0 Release Notes has > a contradictory statement. It says: > > """ > The property cannot be dropped but it can be changed from INVOKER to > DEFINER and vice versa. > """ > > However, the syntax explicitly includes `DROP SQL SECURITY` for `ALTER > TABLE` and `ALTER TRIGGER`. > > Would it be sufficient to say something like > > """ > The property cannot be dropped for procedures, functions and packages, > but it can be changed from INVOKER to DEFINER and vice versa. > """ > > Mark > -- > Mark Rotteveel > > > Firebird-Devel mailing list, web interface at > https://lists.sourceforge.net/lists/listinfo/firebird-devel -- Roman Simakov Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
