Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3137 SQL roles: add catalog support
  3. DERBY-3681

When authenticating a user at connect time, verify that the user provided is not also a defined role name.

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.5.1.1
    • Component/s: Services, SQL
    • Labels:
      None
    • Bug behavior facts:
      Security

      Description

      Although we try to avoid creating role that are not also valid Derby users (see DERBY-3673), we cannot
      in general know for sure that no such user exists; it could be added to derby.properties after
      the role has been created, authentication could be LDAP or user-defined, in which cases
      the check at role creation time will not work. So, in order to avoid collisions between user identifiers and role identifiers, we shoudl check at connect time that there is no role by same name as the supplied user name.

        Attachments

        1. derby-3681-2.stat
          0.3 kB
          Dag H. Wanvik
        2. derby-3681-2.diff
          8 kB
          Dag H. Wanvik
        3. derby-3681-1.stat
          0.3 kB
          Dag H. Wanvik
        4. derby-3681-1.diff
          8 kB
          Dag H. Wanvik

          Activity

            People

            • Assignee:
              dagw Dag H. Wanvik
              Reporter:
              dagw Dag H. Wanvik
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: