"Leyne, Sean" wrote:

>
> Paul,
>
> While agreeing that external files can pose a security threat...
>
> Isn't the issue external files security something that needs to be
> controlled on a db to db basis?
>

I don't think so, because we are looking at a server process and it is the owner
of the server that has the permission to read and write to the file-system. That
is where the security issue lies.

I agree that moving a database from one system to another could become a more
difficult as a result of this proposal. But moving databases with external files
is already difficult. Have you ever tried restoring a database where the path to
the external files doesn't exist?

Overall this issue may be better dealt with by establishing a
non-root/administrator user as default owner. But even then there is always the
problem that the new owner will have permissions to read or read/write to
sensitive areas. Better to lock down external file access in a simple and
consistent fashion and let users find another gun to shoot themselves in the
foot with.

Paul
--

Paul Reeves
http://www.ibphoenix.com
taking InterBase further