Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3137 SQL roles: add catalog support
  3. DERBY-3673

Add checks that a new role isn't already a user authorization id



    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s:
    • Component/s: SQL
    • Labels:


      Derby current does not have dictionary information about legal users.
      Authentication is configurable as being derby internal, LDAP based, or
      user supplied.

      SQL specifies that user ids and role names go in the same namespace
      (authorization ids). Therefore, at role creation time, a new role
      name should be checked against legal users for this database, and be
      defined if there is already a user id by that name.

      Unfortunately, since there is currently no reliable dictionary
      information about legal users, the best we can do presently is perform
      heuristic checks that a proposed role id is not already a user id.

      Since the check can not not reliable, we should also add a check to
      prohibit conncting with a user id that is a known role id.


        1. derby-3673-1.diff
          27 kB
          Dag H. Wanvik
        2. derby-3673-1.diff
          27 kB
          Dag H. Wanvik
        3. derby-3673-1.stat
          0.4 kB
          Dag H. Wanvik
        4. derby-3673-2.diff
          43 kB
          Dag H. Wanvik
        5. derby-3673-2.stat
          0.6 kB
          Dag H. Wanvik
        6. derby-3673-3.diff
          0.6 kB
          Dag H. Wanvik
        7. derby-3673-3a-javadoc_fixes.diff
          4 kB
          Kristian Waagan
        8. derby-3673-4.diff
          0.7 kB
          Dag H. Wanvik
        9. derby-3673-5.diff
          5 kB
          Dag H. Wanvik



            • Assignee:
              dagw Dag H. Wanvik
              dagw Dag H. Wanvik
            • Votes:
              0 Vote for this issue
              0 Start watching this issue


              • Created: