|Subject||Re: [Firebird-Architect] External engines - metadata|
> On Friday 19 October 2007 15:53, Vlad Khorsun wrote:But we can REVOKE INSERT and can't REVOKE CREATE DATABASE
> > Everyone may create database and occupy whole hdd by it. Is it good ?
> Everyone granted insert to any table can do it :)
> > > For me this restriction is not enough to make use of unsafe externalWhy do we need it ?
> > > languages safe. I already preview security advisory - granting user
> > > CREATE DATABASE right in fb 2.5 makes it possible for him to execute
> > > arbitrary code. May be better automatically turn off unsafe languages for
> > > non-SYSDBA?
> > I prefer to not separate safe\unsafe languages. SQL\EXTERNAL is enough
> > for me.
> I'd prefer to configure availability per-language, i.e.
> GRANT EXTERNAL LANGUAGE JAVA TO <user>
> > And, yes, we may allow to EXECUTE\SELECT any EXTERNAL SP only byThen - ok ;)
> > SYSDBA by default (or something like this)
> This will be OK.