Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3667

SQL roles: Make CURRENT_ROLE check that the role is still valid

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.5.1.1
    • Component/s: SQL
    • Labels:
      None
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      When a role is the current role of a session, and that role is either
      a) revoked from current user or dropped, the present implementation
      does not actually reset the current role of value of the session which
      has set it to current, but instead lazily relies on the next usage to
      discover this fact by validating that the role usage is still
      applicable. This check is missing from CURRENT_USER.

        Attachments

        Issue Links

          Activity

            People

            • Assignee:
              dagw Dag H. Wanvik
              Reporter:
              dagw Dag H. Wanvik

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment