Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3667

SQL roles: Make CURRENT_ROLE check that the role is still valid

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.5.1.1
    • Component/s: SQL
    • Labels:
      None
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      When a role is the current role of a session, and that role is either
      a) revoked from current user or dropped, the present implementation
      does not actually reset the current role of value of the session which
      has set it to current, but instead lazily relies on the next usage to
      discover this fact by validating that the role usage is still
      applicable. This check is missing from CURRENT_USER.

        Attachments

        1. derby-3667-1.stat
          0.4 kB
          Dag H. Wanvik
        2. derby-3667-1.diff
          9 kB
          Dag H. Wanvik

          Issue Links

            Activity

              People

              • Assignee:
                dagw Dag H. Wanvik
                Reporter:
                dagw Dag H. Wanvik
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: