Subject Re: [Firebird-Architect] External engines - security
Author Alex Peshkov
On Friday 19 October 2007 17:38, Adriano dos Santos Fernandes wrote:
> Vlad Khorsun wrote:
> >>> We have no agreement java classes must be stored inside DB.
> >>
> >> It doesn't matter.
> >
> > It does matter:
> >> System classes will certainly be in filesystem and user classes may be
> >> in filesystem or blob.
> >
> > How do user classes come into the blob\file system?
>
> This is plugin responsibility.
>
> That's one task for DBMS_JAVA-like package that I want in FB.

Or we may say that this is the admin's responsibility (like we do now for UDF),
and avoid many security problems, but certainly with plugin's responsibility
the feature looks much more beautiful.

> >> I'm not talking about execution of data segments, but in the case plugin
> >> executing what is in blob in general (it can save to filesystem before
> >> execution).
> >
> > It can't save to filesystem if host process is not allowed to do it
>
> But it runs in fbserver space, no? How can fbserver be allowed to write
> to filesystem then?
>
> >> GRANT applies to top-level execution only, i.e., what one has DECLAREd
> >> and user can execute.
> >>
> >> We have no control of function names inside classes, so we should not
> >> use GRANT for it, but J2SE security that is just for it.
> >
> > So J2SE security may (dis)allow to do it for fbserver.exe ?
>
> Sorry, but I don't understand your question about J2SE security and
> fbserver.exe.

As far as I understand J2SE, it certainly cannot write to places in the
filesystem where the host process (fbserver) cannot write. But it can disable
writes (for Java classes) even if the host process can write. If it could not
be implemented in such a way, I do not think anyone would let a Java applet
run in the context of a browser :)
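
The two layers described in the message above, as an added example that is not part of the original thread or of Firebird's code: a write by user classes needs both the Java permission set and the host process's OS rights. The class name, directory names and permission sets are constructed for the illustration.

```java
import java.io.File;
import java.io.FilePermission;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Permissions;

// Added illustration; the directory names and permission sets are constructed.
public class SandboxLayers {

    // Permission set a hypothetical engine hands to user classes under `dir`.
    static Permissions grant(Path dir, String actions) {
        Permissions p = new Permissions();
        // "<dir>/-" covers every file below dir, recursively.
        p.add(new FilePermission(dir + File.separator + "-", actions));
        return p;
    }

    // Layer 1: what the Java permission set allows for this code.
    static boolean javaAllowsWrite(Permissions perms, Path target) {
        return perms.implies(new FilePermission(target.toString(), "write"));
    }

    // Layer 2: what the OS allows the host process (fbserver in the thread).
    static boolean osAllowsWrite(Path target) {
        Path dir = target.getParent();
        return dir != null && Files.isWritable(dir);
    }

    // A write by user classes succeeds only when both layers agree.
    static boolean writeAllowed(Permissions perms, Path target) {
        return javaAllowsWrite(perms, target) && osAllowsWrite(target);
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("engine-scratch");
        Path target = dir.resolve("Uploaded.class");

        // Host process can write here, but the Java layer grants read only.
        System.out.println("read-only grant:  " + writeAllowed(grant(dir, "read"), target));
        // Same directory, Java layer widened to read,write.
        System.out.println("read,write grant: " + writeAllowed(grant(dir, "read,write"), target));

        // Java layer grants write, but the OS now refuses the host process.
        // Assumes a POSIX system and a non-root user; root bypasses the mode bits.
        dir.toFile().setWritable(false);
        System.out.println("OS denies dir:    " + writeAllowed(grant(dir, "read,write"), target));
    }
}
```

This models the permission decision only; in J2SE the enforcement came from the SecurityManager, which JEP 411 deprecated for removal in Java 17.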