Extension exception message when "Update conflicts with concurrent update" [CORE3304] #3671
Comments
|
Commented by: @dyemanov I tend to object to this request. First of all, it allows a non-privileged connection to obtain a possibly sensitive information (user account, client IP address, etc) about another connections, and it looks like a security weak point. This is exactly the reason why non-DBO/DBA users don't see other connections in the MON$ tables. Second, extending the error message with possibly varying information (tomorrow you might need PID of the blocking process or its Windows logon name) doesn't look like a good idea at all. That said, I believe that a better approach would be to grant a regular user abilities to see other connections in MON$ tables. This way you may explicitly decrease the security level to the threshold you need. And this is already planned for v3.0, see CORE2557. |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Submitted by: Maxim Kuzmin (cybermax)
Now, when an update conflict, you receive the following exception:
"Unsuccessful execution caused by system error that does not preclude successful execution of subsequent statements.
Lock conflict on no wait transaction.
Deadlock.
Update conflicts with concurrent update.
Concurrent transaction number is 43131."
If the user - not SYSDBA (or not connected with role RDB$ADMIN), user can't find any information about this transaction and its user-owner. Therefore, additional information about a concurrent transaction can not be obtained and can not be shown in the program.
It is proposed to add in exception information about the user-owner transaction (username). Also, if possible, add remote address user-owner and timestamp start a transaction.
The text was updated successfully, but these errors were encountered: