[
https://issues.apache.org/jira/browse/DERBY-3333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12643474#action_12643474
]
Dag H. Wanvik commented on DERBY-3333:
--------------------------------------
Changed link to DERBY-2207 to "is related to", since the outstanding part of
this issue is not particular to roles,
but common to all grant/revoke functionality.
> User name corresponding to authentication identifier PUBLIC must be rejected
> ----------------------------------------------------------------------------
>
> Key: DERBY-3333
> URL: https://issues.apache.org/jira/browse/DERBY-3333
> Project: Derby
> Issue Type: Bug
> Components: Security, SQL
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1,
> 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.4.1.3
> Reporter: Daniel John Debrunner
> Fix For: 10.5.0.0
>
> Attachments: DERBY-3333-roles.diff, DERBY-3333-roles.stat
>
>
> SQL Standard (foundation) says:
> Section 5.4 SR 20) No <authorization identifier> shall specify "PUBLIC".
> This is a syntax rule which implies a 42xxx SQL state but I wonder if
> 'invalid authorization specification.' (28xxx) makes more sense?
> Maybe it's 28xxx when used in a connection request and 42xxx in a SQL
> statement?
> Needs to be disallowed on:
> JDBC connection requests
> GRANT statements, ie. using "PUBLIC" as a delimited identifier.
> Existing application impact if the exists a user with an authorization
> identifier of PUBLIC in an existing system.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
