  1. Derby
  2. DERBY-3929

SQL roles: tighten up check for existing user name collision when creating a role


Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • SQL
    • Normal

    Description

      Cf section 6.2 "The authorization identifier name space issue" in
      spec.html (rev 9) attached to DERBY-2207.

      One more check to avoid collision could be attempted (this is the last
      loophole that I am aware of), but is currently not being performed:
      Even if there is no trace of a user in the dictionary (as schema owner
      or grantee for privileges or roles), there could still be a user
      connected with the proposed name of the role being created. This could
      be checked by maintaining a list of connected users with reference
      counts, but would impose a cost (synchronize, hash name and check
      table) at connection time.

      Even if this scenario could unfold, I can't (yet) see any serious
      consequences of it happening (CURRENT_USER would still work as
      expected). The next time the user connects she would be denied, since
      there is a role by that name.
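
The connected-user check described above, as an added Java sketch that is not Derby code and not part of the original report. `AuthIdRegistry` and its methods are hypothetical, the role set stands in for the data dictionary, and names are assumed to be already-normalized authorization identifiers. Both checks take the same lock so that a connect and a CREATE ROLE for the same name cannot interleave.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Hypothetical sketch, not Derby code. Names are assumed to be normalized authorization identifiers. */
public class AuthIdRegistry {
    private final Map<String, Integer> connected = new HashMap<>(); // user name -> open connections
    private final Set<String> roles = new HashSet<>();              // stand-in for role names in the dictionary

    /** Connection time: this is the "synchronize, hash name and check table" cost. */
    public synchronized boolean connect(String user) {
        if (roles.contains(user)) {
            return false;                       // a role by that name exists, so deny the connection
        }
        connected.merge(user, 1, Integer::sum); // first connection stores 1, later ones increment
        return true;
    }

    /** Decrement the count and drop the entry when the last connection closes. */
    public synchronized void disconnect(String user) {
        connected.computeIfPresent(user, (k, n) -> n > 1 ? n - 1 : null);
    }

    /** CREATE ROLE: the extra check, made under the same lock as connect(). */
    public synchronized boolean createRole(String role) {
        if (connected.containsKey(role) || roles.contains(role)) {
            return false;                       // name held by a live session or an existing role
        }
        roles.add(role);
        return true;
    }

    public static void main(String[] args) {
        AuthIdRegistry reg = new AuthIdRegistry();
        // Constructed sample identifier "ALICE" with two concurrent connections.
        System.out.println("connect #1:            " + reg.connect("ALICE"));
        System.out.println("connect #2:            " + reg.connect("ALICE"));
        System.out.println("create while 2 open:   " + reg.createRole("ALICE"));
        reg.disconnect("ALICE");
        System.out.println("create while 1 open:   " + reg.createRole("ALICE"));
        reg.disconnect("ALICE");
        System.out.println("create with none open: " + reg.createRole("ALICE"));
        System.out.println("connect after create:  " + reg.connect("ALICE"));
    }
}
```

The reference count is what keeps the name reserved until the last of several connections under the same user name has closed.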

          People

            Unassigned Unassigned
            dagw Dag H. Wanvik
