[ https://issues.apache.org/jira/browse/DERBY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12472771 ]

Rick Hillegas commented on DERBY-2264:
--------------------------------------

Hi Dag,

I just want to punch up the upgrade implications of what we're proposing:

By now there must be scores of legacy applications which use Derby 
authentication. For many of these applications, the DBA owner is APP. When 
these applications upgrade to 10.3, no-one will be able to shut them down. That 
is because APP is probably not a real user with a real password. The affected 
applications have this shape:

1) Created with authentication turned off. This is what makes APP the DBA.

2) Authentication turned on later after users and passwords were defined.

The workaround for these applications will be this:

A) Create an account for APP.

B) Change the application so that, when it shuts down, it re-connects to the 
database as APP, not as the current user.

What are the implications of not shutting down the database gracefully when 
the application exits? A long time ago this used to mean that the log file 
would just keep growing indefinitely. Has this behavior changed? If it's ok to 
shut down gracelessly, then another workaround may be this:

C) Re-code the application to swallow the concluding exception which says that 
shutdown failed.

We seem to have some misgivings that many legacy applications will fit this 
profile. There seem to be two proposals for how to limit this exposure:

i) Limit the exposure to a subset of applications created since 10.2, viz., 
applications which have enabled SQL authorization.

ii) Limit the exposure to read-only applications.

At this point, I'm not too keen on either of these techniques. To me they muddy 
the model laid out in the attached functional spec. I'm not happy about the 
effect on legacy applications. However, I think that a good Release Note might 
be our best approach.
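Workarounds A and B above, sketched as an added Java/JDBC example that is not part of the comment or of Derby itself: the application tries its normal user first and, if Derby refuses the shutdown, re-connects as the database owner. The database name, the user names and the passwords are constructed sample values; only SQLState 08006 (Derby's "database shut down" signal) is a real Derby value.

```java
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

/**
 * Shuts down a Derby database, re-connecting as the database owner when the
 * current user lacks the shutdown power (workaround B). The owner account
 * must already exist (workaround A).
 */
public class OwnerShutdown {

    /** Derby reports a successful shutdown by throwing SQLState 08006. */
    private static final String SHUTDOWN_OK = "08006";

    /**
     * Attempts shutdown with the given credentials.
     * Returns true if the database shut down, false if Derby refused.
     */
    static boolean shutdownAs(String dbName, String user, String password) {
        // Credentials go in Properties, not the URL, so they don't end up in logs.
        Properties props = new Properties();
        props.setProperty("user", user);
        props.setProperty("password", password);
        try {
            DriverManager.getConnection("jdbc:derby:" + dbName + ";shutdown=true", props);
            // Derby always throws on shutdown=true; reaching here is unexpected.
            return false;
        } catch (SQLException e) {
            if (SHUTDOWN_OK.equals(e.getSQLState())) {
                return true;   // the expected "database shut down" exception
            }
            // Any other SQLState (an authentication or authorization failure, for
            // instance) means the database is still running; record it, don't hide it.
            System.err.println("shutdown as " + user + " refused: "
                               + e.getSQLState() + " " + e.getMessage());
            return false;
        }
    }

    /** Try the application's own user first, then fall back to the owner. */
    static boolean shutdownGracefully(String dbName, String appUser, String appPassword,
                                      String ownerUser, String ownerPassword) {
        if (shutdownAs(dbName, appUser, appPassword)) return true;
        return shutdownAs(dbName, ownerUser, ownerPassword);
    }

    public static void main(String[] args) {
        // Constructed sample values: a legacy database whose owner is APP.
        boolean ok = shutdownGracefully("legacyDb", "alice", "alice-pw", "APP", "app-pw");
        System.out.println(ok ? "database shut down" : "shutdown refused; database left running");
    }
}
```

If both attempts are refused the method returns false instead of throwing, which is the "swallow the concluding exception" behaviour of workaround C, but with the refusal logged.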



> Restrict shutdown, upgrade, and encryption powers to the database owner
> -----------------------------------------------------------------------
>
>                 Key: DERBY-2264
>                 URL: https://issues.apache.org/jira/browse/DERBY-2264
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Rick Hillegas
>         Assigned To: Dag H. Wanvik
>         Attachments: dbaPowers.html, dbaPowers.html
>
>
> This JIRA separates out the database-owner powers from the system privileges 
> in the master security JIRA DERBY-2109. Restrict the following powers to the 
> database owner for the moment: shutdown, upgrade, and encryption.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.