Derby / DERBY-2109

System privileges

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 10.3.1.4
    • None
    • Network Server, Services
    • None
    • Security

    Description

      Add mechanisms for controlling system-level privileges in Derby. See the related email discussion at http://article.gmane.org/gmane.comp.apache.db.derby.devel/33151.

      The 10.2 GRANT/REVOKE work was a big step forward in making Derby more secure in a client/server configuration. I'd like to plug more client/server security holes in 10.3. In particular, I'd like to focus on authorization issues which the ANSI spec doesn't address.

      Here are the important issues which came out of the email discussion.

      Missing privileges that are above the level of a single database:

      • Create Database
      • Shutdown all databases
      • Shutdown System

      Missing privileges specific to a particular database:

      • Shutdown that Database
      • Encrypt that database
      • Upgrade database
      • Create (in that Database) Java Plugins (currently Functions/Procedures, but someday Aggregates and VTIs)

      Note that 10.2 gave us GRANT/REVOKE control over the following database-specific issues, via granting execute privilege to system procedures:

      • Jar Handling
      • Backup Routines
      • Admin Routines
      • Import/Export
      • Property Handling
      • Check Table

      In addition, since 10.0, the privilege of connecting to a database has been controlled by two properties (derby.database.fullAccessUsers and derby.database.defaultConnectionMode) as described in the security section of the Developer's Guide (see http://db.apache.org/derby/docs/10.2/devguide/cdevcsecure865818.html).
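The two existing database-level controls described above (connection authorization through properties, and EXECUTE privilege on system procedures) can be exercised and audited from SQL. This is an added example, not part of the issue or of any attached patch. The user names dbadmin, alice and bob are constructed, and it assumes user authentication is already enabled and that the statements are run by the database owner.

```sql
-- Added example: lock down the two database-level controls the issue
-- says already exist, then audit the result. User names are constructed.

-- 1. Connection authorization (available since 10.0).
--    Default-deny: users not listed below cannot connect to this database.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.defaultConnectionMode', 'noAccess');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.fullAccessUsers', 'dbadmin,alice');
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.readOnlyAccessUsers', 'bob');

-- 2. Turn on SQL authorization so GRANT/REVOKE is enforced (10.2).
--    The setting takes effect after the database is rebooted and
--    cannot be switched back to false afterwards.
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
    'derby.database.sqlAuthorization', 'true');

-- 3. After the reboot: delegate one backup routine to alice only.
GRANT EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_BACKUP_DATABASE TO alice;

-- 4. Withdraw it again when no longer needed (RESTRICT is mandatory).
REVOKE EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_BACKUP_DATABASE
    FROM alice RESTRICT;

-- 5. Audit: who holds EXECUTE on system routines in this database?
--    A grantee of PUBLIC on a sensitive routine deserves review.
SELECT s.SCHEMANAME, a.ALIAS AS ROUTINE, p.GRANTEE, p.GRANTOR
FROM SYS.SYSROUTINEPERMS p
JOIN SYS.SYSALIASES a ON p.ALIASID = a.ALIASID
JOIN SYS.SYSSCHEMAS s ON a.SCHEMAID = s.SCHEMAID
WHERE s.SCHEMANAME IN ('SYSCS_UTIL', 'SQLJ')
ORDER BY a.ALIAS, p.GRANTEE;
```

None of these statements covers the system-wide operations listed in the issue (creating a database, shutting down all databases or the system), which is the gap the issue describes.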

      Attachments

        1. DERBY-2109-02.diff
          57 kB
          Martin Zaun
        2. DERBY-2109-02.stat
          0.7 kB
          Martin Zaun
        3. derby-2109-03-javadoc-see-tags.diff
          4 kB
          Kristian Waagan
        4. DERBY-2109-04.diff
          11 kB
          Martin Zaun
        5. DERBY-2109-04.stat
          0.3 kB
          Martin Zaun
        6. DERBY-2109-05and06.diff
          42 kB
          Martin Zaun
        7. DERBY-2109-05and06.stat
          0.9 kB
          Martin Zaun
        8. DERBY-2109-07.diff
          80 kB
          Martin Zaun
        9. DERBY-2109-07.stat
          1 kB
          Martin Zaun
        10. DERBY-2109-08_addendum.diff
          5 kB
          Martin Zaun
        11. DERBY-2109-08_addendum.stat
          0.3 kB
          Martin Zaun
        12. DERBY-2109-08.diff
          83 kB
          Martin Zaun
        13. DERBY-2109-08.stat
          2 kB
          Martin Zaun
        14. DERBY-2109-09.diff
          104 kB
          Martin Zaun
        15. DERBY-2109-09.stat
          2 kB
          Martin Zaun
        16. DERBY-2109-10.diff
          109 kB
          Martin Zaun
        17. DERBY-2109-10.stat
          2 kB
          Martin Zaun
        18. DERBY-2109-11.diff
          118 kB
          Martin Zaun
        19. DERBY-2109-11.stat
          2 kB
          Martin Zaun
        20. DERBY-2109-12.diff
          123 kB
          Martin Zaun
        21. DERBY-2109-12.stat
          2 kB
          Martin Zaun
        22. SystemPrivilegesBehaviour.html
          16 kB
          Martin Zaun
        23. systemPrivs.html
          61 kB
          Richard N. Hillegas
        24. systemPrivs.html
          59 kB
          Richard N. Hillegas
        25. systemPrivs.html
          56 kB
          Richard N. Hillegas
        26. systemPrivs.html
          32 kB
          Richard N. Hillegas

            People

              Unassigned Unassigned
              rhillegas Richard N. Hillegas