[ https://issues.apache.org/jira/browse/DERBY-5395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Hillegas updated DERBY-5395:
---------------------------------
Attachment: derby-5395-01-ac-protectVTIs.diff
Attaching derby-5395-01-ac-protectVTIs.diff. This patch implements approach
(1), raising an error at instantiation time if these VTIs are invoked by
someone other than the DBO when authorization is turned on. I have written a
regression test but need to run the full suite.
The regression test I wrote for this fix revealed that the StatementDuration
and ErrorLogReader VTIs were reading a system property outside a privileged
block. I wrapped those reads in a privileged block as part of this patch.
Touches the following files:
-------------------
M java/engine/org/apache/derby/loc/messages.xml
M java/shared/org/apache/derby/shared/common/reference/SQLState.java
A java/engine/org/apache/derby/diag/DiagUtil.java
Logic to raise an exception if authorization is enabled and the current user
isn't a DBO.
-------------------
M java/engine/org/apache/derby/diag/StatementCache.java
M java/engine/org/apache/derby/diag/StatementDuration.java
M java/engine/org/apache/derby/diag/TransactionTable.java
M java/engine/org/apache/derby/diag/ErrorLogReader.java
Wires that check into the VTI constructors.
-------------------
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
A java/testing/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
New regression test for this behavior.
> By default, only the DBO should be allowed to run several of the diagnostic
> VTIs.
> ---------------------------------------------------------------------------------
>
> Key: DERBY-5395
> URL: https://issues.apache.org/jira/browse/DERBY-5395
> Project: Derby
> Issue Type: Bug
> Components: SQL
> Affects Versions: 10.9.0.0
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-5395-01-ac-protectVTIs.diff
>
>
> Only the DBO should be allowed to run the following VTIs:
> syscs_diag.statement_cache
> syscs_diag.transaction_table
> syscs_diag.error_log_reader( )
> syscs_diag.statement_duration()
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
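
An added illustration of the two changes the comment describes (a DBO-only check run in the VTI constructor, and a system property read wrapped in a privileged block). This is not code from the attached patch or from Derby: `Session`, `checkAccess`, `readProperty` and `ErrorLogTable` are hypothetical stand-ins, the user-name comparison is simplified, and `user.dir` is a placeholder property.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
// Hypothetical stand-ins, not Derby classes: a constructor-time gate for a
// diagnostic table function plus a privileged system-property read.
public class DboGateExample {

    record Session(String currentUser, String databaseOwner, boolean authorizationEnabled) {}

    static class DboOnlyException extends RuntimeException {
        DboOnlyException(String user, String table) {
            super("User '" + user + "' may not use " + table + "; only the database owner can");
        }
    }

    /** Enforce the rule: with authorization on, only the DBO passes. */
    static void checkAccess(Session s, String tableName) {
        if (!s.authorizationEnabled()) { return; }   // authorization off: no restriction
        if (!s.databaseOwner().equals(s.currentUser())) {
            throw new DboOnlyException(s.currentUser(), tableName);
        }
    }

    /** Read a property inside a privileged block so callers need no PropertyPermission. */
    @SuppressWarnings("removal") // AccessController is deprecated since Java 17
    static String readProperty(final String key) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    /** Hypothetical diagnostic table: the check runs before any state is read. */
    static class ErrorLogTable {
        final String home;
        ErrorLogTable(Session s) {
            checkAccess(s, "ERROR_LOG_TABLE");
            home = readProperty("user.dir");   // placeholder property for the demo
        }
    }

    public static void main(String[] args) {
        new ErrorLogTable(new Session("OWNER", "OWNER", true));   // DBO: allowed
        new ErrorLogTable(new Session("ALICE", "OWNER", false));  // auth off: allowed
        try {
            new ErrorLogTable(new Session("ALICE", "OWNER", true));
            throw new AssertionError("non-DBO should have been rejected");
        } catch (DboOnlyException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```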