[
https://issues.apache.org/jira/browse/DERBY-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12876080#action_12876080
]
Dag H. Wanvik edited comment on DERBY-4551 at 6/6/10 4:13 PM:
--------------------------------------------------------------
Uploading derby-4551-4, which
- fixes Knut's nit
- adds a test to check that multiple security clauses are caught, and updated
sqlgrammar to include
a string for the new error message parameter, which was missing.
Regressions ran ok.
was (Author: dagw):
Uploading derby-4551-4, which
- fixes Knut's nit
- adds a sanity against multiple security clauses, and updated sqlgrammar to
include
a string for the new error message parameter, which was missing.
Regressions ran ok.
> Allow database user to execute stored procedures with same permissions as
> database owner and/or routine definer
> ---------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-4551
> URL: https://issues.apache.org/jira/browse/DERBY-4551
> Project: Derby
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 10.5.3.0
> Reporter: Tushar Kale
> Assignee: Dag H. Wanvik
> Attachments: definers_rights.html, definers_rights.html,
> definers_rights.html, definers_rights.html, definers_rights.html,
> definers_rights.html, definers_rights.html, definers_rights_typos-1.diff,
> derby-4551-1.diff, derby-4551-1.stat, derby-4551-1.txt, derby-4551-2.diff,
> derby-4551-2.stat, derby-4551-3.diff, derby-4551-3.stat, derby-4551-3b.diff,
> derby-4551-3b.stat, derby-4551-4.diff, derby-4551-4.stat
>
>
> Curretnly there is no way to hide data and database structure in embedded
> derby from the end user.
> One way to accomplish the above requirement is as follows:
> 1. Create encrypted database so data is protected
> 2. Enable authentication and sql authorization in database
> 3. Create two users, dbUser and dbOwner
> 4. Store application logic as stored procedure in the databse so dbUser does
> not know what tables are accecced by the application logic, thus hiding table
> structure
> 5. Revoke select permission from dbUser so he cannot describe tables thus
> protecting table structures
> 6. Give only Execute permissions on stored procedures to dbUser
> The above steps will ensure that data and data structure is hidden when
> application is delivered to end user.
> The problem is, if user does not have select permission, the stored
> procedures will not execute. So I am requesting the following enhancement to
> Derby:
> If dbOwner has given Execure permission to stored procecure to a dbUser, then
> allow stored procedure to execute even if the dbUser has no select
> permission.
> In otherwords, When dbUser calls stored procedure, database will use dbOwners
> authorization to execute stored procedure rather than dbUsers.
> This may be implemented by creating new permission called RunAsDbOwner.
> DbOwner can then grant permission to dbUser to execute a stored procedure
> with RunAsDbOwner.
> If this is implemented, applications can be created which will truely hide
> the database structure and data from end users. Database will behave as a
> blackbox with only in/out data exposed in stored procedures.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
