[
https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12467950
]
Daniel John Debrunner commented on DERBY-2206:
----------------------------------------------
> I think that giving a user the power to set all database properties is pretty
> much a statement that they are a DBA
That's an interesting comment, is it the case because it should be that way, or
it just happens to be so because there are security holes that have not been
closed yet?
I tend to think it's the latter. granting permission to set database properties
should not, I think, implictly mean the recipient is all powerful.
If it is decided that we don't want to close such holes then there should be
clear documentation that granting EXECUTE on SYSCS_SET_DATABASE_PROPERTY allows
that user to bypass *all* security mechanisms for that database.
> Provide complete security model for Java routines
> -------------------------------------------------
>
> Key: DERBY-2206
> URL: https://issues.apache.org/jira/browse/DERBY-2206
> Project: Derby
> Issue Type: New Feature
> Components: Security, SQL
> Reporter: Rick Hillegas
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for
> user-created objects such as Functions and Procedures. In the future this may
> include Aggregates and Function Tables also. The issues are summarized on the
> following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity.
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This
> is a master JIRA to which subtasks can be linked.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
