Subject Re: [Firebird-Architect] Generator security - from Database trigger thread
Author Jim Starkey
Dmitry Yemanov wrote:
> Geoff Worboys wrote:
>> That was the point of my comment "except that we dont seem to
>> store the increment as part of the generator definition".
>> If the increment was part of the generator definition then
>> the "standard" would be defined. That aspect is not feasible
>> with the current implementation.
> It's a subject of extension. The standard allows user-defined increments
> defined at the DDL level. We just need to extend the system tables to
> store the extra properties. After that everybody who has USAGE privilege
> (also to be implemented) can call NEXT VALUE and only an owner of the
> generator can alter the current value.
> The major question is whether we should still allow full-featured
> GEN_ID() calls (as a legacy insecure stuff) or treat any non-1 increment
> as ALTER and hence require the developer to adjust his code to the new
> rules.
I think you need to understand why this is important other than that the
standard requires it. Perhaps after you understand it, you will
understand why there are alternatives, some of which may be better.
Good design *always* starts with a clear understanding of requirements.


Jim Starkey
Netfrastructure, Inc.
978 526-1376