> -----Original Message-----
> From: Ann W. Harrison [mailto:harrison@...]
> Sent: Viernes 1 de Diciembre de 2000 20:51
>
> At 11:38 AM 12/2/2000 +1100, Helen Borrie wrote:
> >I wrote:
> > >In the long run, the right thing to do with UDF's is to
> > >replace them (85% confidence).
> >
> >Oh? why? replace with what?
>
> Because they're horribly insecure. Yes, there's no doubt
> that we'd have to retain the mechanism for upward compatibility.

Hmmm, one basic idea is that I trust the administrator of a system.
Otherwise, all is lost. If the SYSDBA can install a tested UDF, the security
problem could be lessened.
However, for this to work, we need to extend GRANT/REVOKE to UDFs, any
reason why this would break the engine, for example? Speaking of that, let's
remember any user can spoil insertions in tables that rely on a unique field
filled by a generator in a trigger, because anyone can change the value of a
generator, another type of object that needs security.
Hope the [rather unknown] blob filters are not in the next list of victims
to be deprecated.

C.