[ https://issues.apache.org/jira/browse/DERBY-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12469570 ]

Daniel John Debrunner commented on DERBY-2206:
----------------------------------------------

> I'm afraid I don't see the need for maintaining two independent ways to 
> manage java routine security.

But I think you are proposing two different security mechanisms.

I think you are proposing that if I have a jar file then I can control USAGE on 
it with GRANT/REVOKE but also USAGE can be given to others without my knowledge 
by the dbo granting the right to set the derby.database.classpath property.

I'm saying that if I have a jar file then I control USAGE on it purely with 
GRANT/REVOKE.

Seems to me the former is more confusing. All I'm proposing is an extension of 
the existing GRANT USAGE behaviour, namely USAGE on the jar must be granted to 
PUBLIC in order to use the jar in the public derby.database.classpath.

I also think that security needs to be designed by what is possible for any 
user to do, not just what is recommended.
While it's a clever technique to allow per-property setting to be granted to 
individuals, it is possible and thus must be taken into account by security 
related changes. In addition, the very concept of definer invoked routines is 
designed for this type of restricted access, so I can't see it as a "sneaky way 
to subvert security". And at some point Derby will support such routines, so 
designing with those in mind I would say is a good approach.



> Provide complete security model for Java routines
> -------------------------------------------------
>
>                 Key: DERBY-2206
>                 URL: https://issues.apache.org/jira/browse/DERBY-2206
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>
> Add GRANT/REVOKE mechanisms to control which jar files can be mined for 
> user-created objects such as Functions and Procedures. In the future this may 
> include Aggregates and Function Tables also. The issues are summarized on the 
> following wiki page: http://wiki.apache.org/db-derby/JavaRoutineSecurity. 
> Plugin management can be tracked by this JIRA rather than by DERBY-2109. This 
> is a master JIRA to which subtasks can be linked.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.