Derby
  1. Derby
  2. DERBY-3146

Adjust length restriction on user identifiers (authorization ids) to same as other identifiers

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.1.4, 10.3.2.1, 10.3.3.0, 10.4.1.3, 10.4.2.0, 10.5.1.1, 10.5.2.0, 10.5.3.0, 10.6.1.0, 10.6.2.1, 10.7.1.1, 10.8.1.2, 10.8.2.2
    • Fix Version/s: 10.9.1.0
    • Component/s: JDBC, SQL
    • Labels:
      None
    • Bug behavior facts:
      Deviation from standard, Security

      Description

      While working on roles, I notice that there is a max size of 30 on
      user ids in derby (authorization identifiers), e.g. the check being
      performed in the parser:

      private void checkAuthorizationLength( String authorization)
      :
      checkIdentifierLengthLimit( authorization, Limits.DB2_MAX_USERID_LENGTH);
      :

      where Limits.DB2_MAX_USERID_LENGTH == 30. I have checked, and I don't
      think there are any fundamental reasons why Derby can't lift this DB2
      restriction: Then authorization identifiers would have the same max
      limit as other identifiers: 128 (Limits.MAX_IDENTIFIER_LENGTH).

      Currently, this limit of 30 is enforced for GRANT/REVOKE, i.e. for the
      grantees.

      However, in the CREATE SCHEMA statement, the clause

      AUTHORIZATION <authorization identifier>

      which allows specifying a schema's owner, is not subject to this
      restriction. This is also reflected in the reference documentation for
      system tables:

      SYS.SYSCHEMAS:

      Column Name Type Length Nullability Contents
      -------------------------------------------------------------------
      AUTHORIZATIONID VARCHAR 128 false the authorization
      identifier of the
      owner of the schema

      SYS.SYSTABLEPERMS:

      Column Name Type Length Nullability Contents
      -------------------------------------------------------------------
      GRANTEE VARCHAR 30 False The authorization ID
      of the user to whom
      the privilege is
      granted.

      Furthermore, the limit is enforced in the authorizer code
      (AuthorizationServiceBase#authenticate). It is also reflected in the
      metadata: EmbedDatabaseMetaData#getMaxUserNameLength.

      I think it would be good to harmonize these two different limits for
      authorization identifier and change the limit to 128
      (Limits.MAX_IDENTIFIER_LENGTH).

      1. DERBY-3146.stat
        0.3 kB
        Dag H. Wanvik
      2. DERBY-3146.diff
        3 kB
        Dag H. Wanvik

        Issue Links

          Activity

          Gavin made changes -
          Workflow jira [ 12415695 ] Default workflow, editable Closed status [ 12799074 ]
          Dag H. Wanvik made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Dag H. Wanvik made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Dag H. Wanvik made changes -
          Component/s JDBC [ 11407 ]
          Fix Version/s 10.9.0.0 [ 12316344 ]
          Affects Version/s 10.8.2.2 [ 12317968 ]
          Affects Version/s 10.8.1.2 [ 12316362 ]
          Affects Version/s 10.7.1.1 [ 12315564 ]
          Affects Version/s 10.6.2.1 [ 12315343 ]
          Affects Version/s 10.6.1.0 [ 12313727 ]
          Affects Version/s 10.5.3.0 [ 12314117 ]
          Affects Version/s 10.5.2.0 [ 12314116 ]
          Affects Version/s 10.5.1.1 [ 12313771 ]
          Affects Version/s 10.4.2.0 [ 12313345 ]
          Affects Version/s 10.4.1.3 [ 12313111 ]
          Affects Version/s 10.3.3.0 [ 12313142 ]
          Affects Version/s 10.3.2.1 [ 12312876 ]
          Affects Version/s 10.3.1.4 [ 12312590 ]
          Affects Version/s 10.2.2.0 [ 12312027 ]
          Affects Version/s 10.2.1.6 [ 11187 ]
          Affects Version/s 10.1.3.1 [ 12311953 ]
          Affects Version/s 10.1.2.1 [ 12310615 ]
          Affects Version/s 10.1.1.0 [ 10993 ]
          Affects Version/s 10.0.2.1 [ 10991 ]
          Affects Version/s 10.0.2.0 [ 10920 ]
          Issue & fix info Patch Available [ 10102 ]
          Dag H. Wanvik made changes -
          Issue & fix info Release Note Needed,Patch Available [ 10101,10102 ] Patch Available [ 10102 ]
          Dag H. Wanvik made changes -
          Bug behavior facts Security [ 10361 ] Deviation from standard,Security [ 10367,10361 ]
          Issue & fix info Patch Available,Release Note Needed [ 10102,10101 ]
          Dag H. Wanvik made changes -
          Attachment DERBY-3146.diff [ 12526029 ]
          Attachment DERBY-3146.stat [ 12526030 ]
          Dag H. Wanvik made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          Dag H. Wanvik made changes -
          Assignee Dag H. Wanvik [ dagw ]
          Rick Hillegas made changes -
          Link This issue is related to DERBY-5744 [ DERBY-5744 ]
          Dag H. Wanvik made changes -
          Component/s Security [ 11411 ]
          Dag H. Wanvik made changes -
          Field Original Value New Value
          Derby Categories [Security]
          Dag H. Wanvik created issue -

            People

            • Assignee:
              Dag H. Wanvik
              Reporter:
              Dag H. Wanvik
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development