> Vlad Khorsun escreveu:
> >>> For example, A ISP will not give rights to run Delphi or C++ code in his
> >>> server, but can give rights to run Java in the database, as he already
> >>> allows I run Java in the app. server.
> >>>
> >
> > ISP should not know on which language given procedure is written.
> > ISP may allow\disallow you to copy dll into host this is enough.
> >
> If your are talking about plugins implemented in Delphi/C++, yes.
> But here we're talking about Java, no? :-)
>
> Plugin is DLL, but user code is classes.

We have no agreement java classes must be stored inside DB.

> >>>>> So Java language may have more relaxed rights, and the plugin implements
> >>>>> security based on J2SE.
> >>>>>
> >>>> I still don't see why we must worry about external rights
> >>>>
> >>> Again, the ISP allows I run Java in his server because Java is "safe".
> >>>
> >
> > Huh ? Java program can't send spam ? Or open socket ?
> >
> Another reason to integrate J2SE security with database users/roles in
> the plugin.

How J2SE security is worked ? Is it enough to (dis)allow execute some
java code by fbserver.exe ?

> Haven't you saying the contrary? ;-)

No ;)

> >>> But he don't trust-me, to control his machine.
> >>>
> >> And Vlad - WHY should grant to CREATE DATABASE mean grant to execute arbitrary
> >> code on a server? How is it related?
> >>
> >
> > Its not related. At least it must be not related. Where i said contrary ? ;)
> If plugin allows to send binary data to blob and then execute what is in
> the blob, it can.

For native code its called DEP - data execution prevention. And it have no
relation with database engine security. I see no good reason to make exceptions
for java or any other language

Regards,
Vlad