[
https://issues.apache.org/jira/browse/DERBY-2250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466079
]
Daniel John Debrunner commented on DERBY-2250:
----------------------------------------------
Spec says:
-------------
New REVOKE Behavior
In phase 1 (described by this spec), the attempt to revoke USAGE permission on
a jar file will fail if that jar file is wired into derby.database.classpath.
In phase 3 (described by the Jar-specific Classpaths spec for Derby 2253), the
attempt to revoke USAGE permission on a jar file will fail if that jar file is
wired into a Jar-specific classpath.
-------------
This means the owner of the jar loses control of the USAGE permission once
someone else adds it to a java path. That seems strange, but I agree the
behaviour in phase 1 should match the behaviour in phase 3. Can you provide
references (section numbers, rule numbers, etc.) into the SQL standard that
state the behaviour indicated for phase 3?
> Implement USAGE privilege for Jar files
> ---------------------------------------
>
> Key: DERBY-2250
> URL: https://issues.apache.org/jira/browse/DERBY-2250
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: jarUsage.html
>
>
> Implement the USAGE privilege for jar files and require this privilege on
> jars wired into the derby.database.classpath. These are the first two tasks
> in the closing "Improving Java Routine Security in 10.3 onwards" section of
> the wiki page on Java routine security:
> http://wiki.apache.org/db-derby/JavaRoutineSecurity
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
