[jira] Commented: (DERBY-3327) SQL roles: Implement authorization stack

Mon, 21 Jan 2008 16:50:55 -0800 

    [ 
https://issues.apache.org/jira/browse/DERBY-3327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12561186#action_12561186
 ] 

Daniel John Debrunner commented on DERBY-3327:
----------------------------------------------

np - one other item is that according to section 10.4 routine invocation the 
order is:

  GR2) Evaluate arguments
  GR5) Push new SQL-session context (RSC)
  GR7/8) Execute the routine

The order in the patch is:
   A) Push new authorization context
   B) Evaluate arguments
   C) Execute the routine

To match the order of the spec the new context would need to be part of the 
generated code.
Not sure if it makes any difference or not, but something to consider.

Ok - one other item ...
   I don't think the patch addresses functions, since the lcc.pushCaller() is 
only set from  CallStatementResultSet.

Performing the context setup in generated code would solve both of these issues.

> SQL roles: Implement authorization stack
> ----------------------------------------
>
>                 Key: DERBY-3327
>                 URL: https://issues.apache.org/jira/browse/DERBY-3327
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security, SQL
>            Reporter: Dag H. Wanvik
>            Assignee: Dag H. Wanvik
>             Fix For: 10.4.0.0
>
>         Attachments: DERBY-3327-1.diff, DERBY-3327-1.stat, DERBY-3327-2.diff, 
> DERBY-3327-2.stat, DERBY-3327-3.diff, DERBY-3327-3.stat
>
>
> The current LanguageConnectionContext keeps the user authorization identifier 
> for an SQL session.
> The lcc is shared context also for nested connections (opened from stored 
> procedures).
> So far, for roles, the current role has been stored in the lcc also. However, 
> SQL requires that
> authorization identifers be pushed on a "authorization stack" when calling a 
> stored procedure, cf.
> SQL 2003, vol 2, section 4.34.1.1 and 4.27.3.
> This allows a caller to keep its current role after a call even if changed by 
> the stored procedure.
> This issue will implement the current role name part ("cell") of the 
> authorization stack. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to