Subject Re: [Firebird-Architect] External engines - metadata
Author Alex Peshkov
On Friday 19 October 2007 15:53, Vlad Khorsun wrote:
> Everyone may create database and occupy whole hdd by it. Is it good ?

Everyone granted insert to any table can do it :)

> > For me this restriction is not enough to make use of unsafe external
> > languages safe. I already preview security advisory - granting user
> > CREATE DATABASE right in fb 2.5 makes it possible for him to execute
> > arbitrary code. May be better automatically turn off unsafe languages for
> > non-SYSDBA?
> I prefer to not separate safe\unsafe languages. SQL\EXTERNAL is enough
> for me.

I'd prefer to configure availability per-language, i.e.

> And, yes, we may allow to EXECUTE\SELECT any EXTERNAL SP only by
> SYSDBA by default (or something like this)

This will be OK.