|Subject||Re: [IB-Architect] UDF and null|
>Perhaps the security problem has more to do with the fact that currentlyUdfs are stored into the dbf in system tables, we can by default allow
>only the declaration is compiled in the database (compiled? maybe just
>"stored"..). So a malevolent person could write a trojan horse ib_udf.dll
>or ib_udf.so with bona fide functions replaced by malicious ones with
>identical name and parameters, make it available as a bin download and
>catch a lot of eager SYSDBAs with their pants down.
SYSDBA to add user defined functions to database by changing the privileges
to RDB$FUNCTIONS and RDB$FUNCTION_ARGUMENTS.
I think If a user can't declare a user defined function, and the defined
functions are well programmed and stable there is no security hole.
I think the best way is to allow the descriptor type, it's backguard
compatible and transparent to old udfs.