[
https://issues.apache.org/jira/browse/DERBY-2250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466086
]
Daniel John Debrunner commented on DERBY-2250:
----------------------------------------------
Thanks for working on another security functional spec!!
SYSFILEPERMS
- it make life much easier (and will match the other permission tables I
think) if we think about future expansion now and add the required columns,
thus I think adding a PRIVILEGE column and one for WITH GRANT OPTION should be
done now. At least the GRANTOPTION column should be supported. If we don't know
of any other permission for jar files then we could not add a PRIVILEGE (which
would match SYSROUTINEPERMS)
- The logical primary key for this table is FILEPERMSID (its identifier)
- Once with grant is supported then this index will no longer be unique
(GRANTEE, FILEID, GRANTOR ), right? It will be easier to set up the indexes now
for future expansion.
- I see that the proposed index layout matches SYSROUTINEPERMS, I think maybe
those are incorrect.
JAR/USAGE keywords
Any reason they are reserved words, that traditionally has made life
difficult with frequent requests to unreserve such keywords?
The hard upgrade table seems to have some copy&paste errors, use of "soft
upgrade".
These phrases are used to describe granting USAGE to PUBLIC in the same
situation
"you should grant USAGE"
"she probably wants to grant USAGE"
"you need to grant USAGE"
I'm just concerned this inconsistency (in terms of should, need to, probably
want) might get reflected in the user documentation, and possibly not updated
once phase 3 is implemented. Good to state the requirement clearly, in order to
add the installed jar into derby.database.classpath, USAGE must be granted on
the jar file.
> Implement USAGE privilege for Jar files
> ---------------------------------------
>
> Key: DERBY-2250
> URL: https://issues.apache.org/jira/browse/DERBY-2250
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: jarUsage.html
>
>
> Implement the USAGE privilege for jar files and require this privilege on
> jars wired into the derby.database.classpath. These are the first two tasks
> in the closing "Improving Java Routine Security in 10.3 onwards" section of
> the wiki page on Java routine security:
> http://wiki.apache.org/db-derby/JavaRoutineSecurity
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
