| Subject | Re: [Firebird-Architect] Database triggers |
|---|---|
| Author | Jim Starkey |
| Post date | 2006-09-19T21:26:20Z |
Leyne, Sean wrote:
give an account name as part of the trigger definition, but this opens a
security hole about the size of the Grand Canyon. And using the account
of the creator creates a really nasty problem for database restore.
--
Jim Starkey, Senior Software Architect
MySQL AB, www.mysql.com
978 526-1376
> Ann,Why not use the account that created the trigger? An alternative is to
>
>
>>>> What account do the trigger run under?
>>>>
>>> Under account of user who initiated action. All proposed
>>>
> triggers
>
>>> fired at moment where valid user account is established
>>>
>> That really won't work for before connect or after disconnect
>>
> triggers.
>
> I agree; that really doesn't make sense.
>
> So, the question remains: What account should the trigger run under?
>
> Would it make sense for the trigger to run in the 'system' context?
>
>
>
give an account name as part of the trigger definition, but this opens a
security hole about the size of the Grand Canyon. And using the account
of the creator creates a really nasty problem for database restore.
--
Jim Starkey, Senior Software Architect
MySQL AB, www.mysql.com
978 526-1376