Subject Re: [Firebird-Architect] Execute Statement for Vulcan
Author Dmitry Yemanov
"Jim Starkey" <jas@...> wrote:
>
> I have no idea where the idea that a procedure should execute in its
> owner's security context and identity came from. As far as I can tell
> it wasn't part of the original execute statement semantics, it isn't
> part of the proposal, it isn't part of Firebird 2 or predecessors, it
> isn't part of SQL, and it basically destroys SQL security.

Other databases implement this idea, because they lack procedure
permissions. To work around this, they invoke procedural code using the
permissions of its owner. The same security rules apply to dynamic SQL
executed inside the procedural code. Oracle additionally allows creating
procedures that are invoked using the permissions of the caller. These words
don't cover the MSSQL behaviour, as I don't have any solid knowledge there.

I agree that owner permissions are not necessary for us, as we have much
more powerful security stuff. I also see that usage of procedural
permissions for dynamic SQL looks quite consistent (to some extent) with our
competitors. In regard to whether to keep the current security behaviour
(user permissions) or not, I'd like to hear Alex's opinion.


Dmitry
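
The permission models compared in this message, as a simplified Python model added here (not part of the original post and not Firebird code). The grants, the user and procedure names, and the `dynamic_as_user` switch are constructed for illustration; the "procedure" model assumes an access passes if either the caller or the procedure object holds the privilege.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Procedure:
    name: str
    owner: str


# Constructed sample grants: (grantee, privilege, table). A grantee is a user
# name, or "PROCEDURE <name>" for a grant made to the procedure object itself.
GRANTS = {
    ("ALICE", "SELECT", "PAYROLL"),              # ALICE owns the procedure
    ("PROCEDURE GET_PAY", "SELECT", "PAYROLL"),  # grant to the procedure
    ("BOB", "SELECT", "PUBLIC_INFO"),            # BOB is an ordinary caller
}


def allowed(model, proc, caller, privilege, table,
            dynamic=False, dynamic_as_user=False):
    """Decide one table access made from inside `proc` on behalf of `caller`.

    model: "owner"     - code runs with the permissions of the procedure owner
           "caller"    - code runs with the permissions of the caller
           "procedure" - privileges are granted to the procedure object
    dynamic: the access comes from dynamically built SQL inside the procedure.
    dynamic_as_user: in the "procedure" model, check dynamic SQL against the
                     user only (the "user permissions" behaviour in the post).
    """
    if model == "owner":
        # Same rule for static and dynamic SQL: only the owner's grants count.
        grantees = {proc.owner}
    elif model == "caller":
        grantees = {caller}
    elif model == "procedure":
        grantees = {caller}
        if not (dynamic and dynamic_as_user):
            grantees.add(f"PROCEDURE {proc.name}")
    else:
        raise ValueError(f"unknown model: {model}")
    return any((g, privilege, table) in GRANTS for g in grantees)


GET_PAY = Procedure(name="GET_PAY", owner="ALICE")
```

With the sample grants, BOB reaches `PAYROLL` through `GET_PAY` under the "owner" model for static and dynamic SQL alike, while under the "procedure" model the outcome for dynamic SQL depends on `dynamic_as_user`, which is the choice the thread is debating.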