[ http://issues.apache.org/jira/browse/DERBY-866?page=comments#action_12363885 ]
Daniel John Debrunner commented on DERBY-866: --------------------------------------------- Questions on the spec: - What do you mean by "familar DDL interface" and "known interface". Are you saying that these are copied from some other database? - "There is no real ANSI SQL standard ..." - What does this mean, is there a ANSI standard that no-one implements, a "pretend" ANSI standard, something else? - What's the advantage of implementing these utility operations as DDL? The same functionality can be acheived, probably at a lower footprint by using procedures. - I think we need to keep a clear separation between the BUILTIN authentication provider and other functionality such as roles, which should be independent of authentication mechanism. Naming becomes important here, SYS_BUILTIN_USERS instead of SYSUSERS, CREATE BUILTIN USER etc. It may be in the future that a Derby database has users which are independent of the authentication mechanism, but there is the ability to provide a mapping between them. E.g. LDAP user [EMAIL PROTECTED] is mapped to user fred in a Derby database. > BUILT-IN Derby User Management (DDL) Enhancements > ------------------------------------------------- > > Key: DERBY-866 > URL: http://issues.apache.org/jira/browse/DERBY-866 > Project: Derby > Type: Improvement > Components: Security > Versions: 10.2.0.0 > Reporter: Francois Orsini > Fix For: 10.2.0.0 > Attachments: Derby_User_Enhancement.html > > Proposal to enhance Derby's Built-In DDL User Management. (See proposal spec > attached to the JIRA). > Abstract: > This feature aims at improving the way BUILT-IN users are managed in Derby by > providing a more intuitive and familiar DDL interface. Currently (in > 10.1.2.1), Built-In users can be defined at the system and/or database level. > Users created at the system level can be defined via JVM or/and Derby system > properties in the derby.properties file. Built-in users created at the > database level are defined via a call to a Derby system procedure > (SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY) which sets a database property. > Defining a user at the system level is very convenient and practical during > the development phase (EOD) of an application - However, the user's password > is not encrypted and consequently appears in clear in the derby.properties > file. Hence, for an application going into production, whether it is embedded > or not, it is preferable to create users at the database level where the > password is encrypted. > There is no real ANSI SQL standard for managing users in SQL but by providing > a more intuitive and known interface, it will ease Built-In User management > at the database level as well as Derby's adoption. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
