|Subject||Re: [Firebird-Architect] External engines - metadata|
> Vlad Khorsun escreveu:Why ?
> >> Certainly, we must have well defined user's rights related with defining
> >> external routines.
> > All we can (and must) to do is define and check CREATE\DECLARE\ALTER\DROP
> > <object> privileges at database level. All other is external to database engine and
> > not an our deal
> The rights to declare external procedures/functions should be per language.
> So Java language may have more relaxed rights, and the plugin implementsI still don't see why we must worry about external rights
> security based on J2SE.
> >> Without it we can easily return to problems, when any userThis is not mutually exclusive ;)
> >> with valid FB login may execute any code in context of firebird server. For
> >> example, if any user would be able to create database (becoming it's owner)
> > Here we have a real problem - we must define and check privileges for
> > CREATE DATABASE at engine instance level.
> But user having CREATE DATABASE rights may not mean he can control the
> Probably a SYS user/role would be better.