Subject | Re: [Firebird-Architect] External engines - security |
---|---|
Author | Adriano dos Santos Fernandes |
Post date | 2007-10-19T13:38:33Z |
Vlad Khorsun escreveu:
That's one task for DBMS_JAVA-like package that I want in FB.
to filesystem then?
fbserver.exe.
Adriano
>>> We have no agreement java classes must be stored inside DB.This is plugin responsabillity.
>>>
>>>
>> It doesn't matter.
>>
>
> It does matter :
>
>
>> System classes will certainly be in filesystem and users classes may be
>> in filesystem or blob.
>>
>
> how user classes come into the blob\file system ?
>
That's one task for DBMS_JAVA-like package that I want in FB.
>> I suppose you not allow any site to run OCX on your computer, butIt's analogue when you consider the ISP case, i.e., server is not from you.
>> applets may run on it.
>>
>> And these applets can't read your disk, if you not choose to trust it.
>>
>
> Sorry i see no direct analogue with SQL engine
>
>> I'm not talking about execution of data segments, but in the case pluginBut it runs in fbserver space, no? How can fbserver be allowed to write
>> executing what is in blob in general (it can save to filesystem before
>> execution).
>>
>
> It can't save to filesystem if host process is not allowed to do it
>
to filesystem then?
>Sorry, but I'm not understand your question about J2SE security and
>> GRANT applies to top-level execution only, i.e., what one have DECLAREd
>> and user can execute.
>>
>> We have no control of function names inside classes, so we should not
>> use GRANT for it, but J2SE security that is just for it.
>>
>
> So J2SE security may (dis)allow to do it for fbserver.exe ?
fbserver.exe.
Adriano