[ http://issues.apache.org/jira/browse/DERBY-1708?page=all ]
Yip Ng reassigned DERBY-1708: ----------------------------- Assignee: Yip Ng > Unprivileged user can perform lock table statement on a table which he/she > does not have any access rights > ---------------------------------------------------------------------------------------------------------- > > Key: DERBY-1708 > URL: http://issues.apache.org/jira/browse/DERBY-1708 > Project: Derby > Issue Type: Bug > Components: SQL > Affects Versions: 10.2.1.0 > Environment: Sun JDK 1.4.2 > Reporter: Yip Ng > Assigned To: Yip Ng > > An unprivileged user was able to lock a table for which he/she does not own. > e.g.: > ij version 10.2 > ij> connect 'jdbc:derby:wombat;create=true' user 'user1' as user1; > WARNING 01J14: SQL authorization is being used without first enabling > authentication. > ij> create table t1 (i int); > 0 rows inserted/updated/deleted > ij> connect 'jdbc:derby:wombat;create=true' user 'user2' as user2; > WARNING 01J01: Database 'wombat' not created, connection made to existing > database instead. > WARNING 01J14: SQL authorization is being used without first enabling > authentication. > ij(USER2)> autocommit off; > ij(USER2)> lock table user1.t1 in exclusive mode; > 0 rows inserted/updated/deleted > sysinfo: > ------------------ Java Information ------------------ > Java Version: 1.4.2_12 > Java Vendor: Sun Microsystems Inc. > Java home: C:\Program Files\Java\j2re1.4.2_12 > Java classpath: derby.jar;derbytools.jar;. > OS name: Windows XP > OS architecture: x86 > OS version: 5.1 > Java user name: Yip > Java user home: C:\Documents and Settings\Yip > Java user dir: C:\work3\derby\tests\derby-10.2.1.0\lib > java.specification.name: Java Platform API Specification > java.specification.version: 1.4 > --------- Derby Information -------- > JRE - JDBC: J2SE 1.4.2 - JDBC 3.0 > [C:\work3\derby\tests\derby-10.2.1.0\lib\derby.jar] 10.2.1.0 beta - (430903) > [C:\work3\derby\tests\derby-10.2.1.0\lib\derbytools.jar] 10.2.1.0 beta - > (430903 > ) > ------------------------------------------------------ > ----------------- Locale Information ----------------- > Current Locale : [English/United States [en_US]] > Found support for locale: [de_DE] > version: 10.2.1.0 - (430903) > Found support for locale: [es] > version: 10.2.1.0 - (430903) > Found support for locale: [fr] > version: 10.2.1.0 - (430903) > Found support for locale: [it] > version: 10.2.1.0 - (430903) > Found support for locale: [ja_JP] > version: 10.2.1.0 - (430903) > Found support for locale: [ko_KR] > version: 10.2.1.0 - (430903) > Found support for locale: [pt_BR] > version: 10.2.1.0 - (430903) > Found support for locale: [zh_CN] > version: 10.2.1.0 - (430903) > Found support for locale: [zh_TW] > version: 10.2.1.0 - (430903) > ------------------------------------------------------ -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira