Author Adriano dos Santos Fernandes
Vlad Khorsun wrote:
>>> For example, an ISP will not give rights to run Delphi or C++ code on his
>>> server, but can give rights to run Java in the database, as he already
>>> allows me to run Java in the app. server.
> ISP should not know in which language a given procedure is written.
> ISP may allow/disallow you to copy a DLL onto the host; this is enough.
If you are talking about plugins implemented in Delphi/C++, yes.
But here we're talking about Java, no? :-)

Plugin is DLL, but user code is classes.

>>>>> So Java language may have more relaxed rights, and the plugin implements
>>>>> security based on J2SE.
>>>> I still don't see why we must worry about external rights
>>> Again, the ISP allows me to run Java on his server because Java is "safe".
> Huh ? Java program can't send spam ? Or open socket ?
Another reason to integrate J2SE security with database users/roles in
the plugin.
Haven't you been saying the contrary? ;-)

>>> But he doesn't trust me to control his machine.
>> And Vlad - WHY should grant to CREATE DATABASE mean grant to execute arbitrary
>> code on a server? How is it related?
> It's not related. At least it must not be related. Where did I say the contrary? ;)
If the plugin allows sending binary data to a blob and then executing what is in
the blob, it can.