Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Vlad Khorsun escreveu:
>> This is plugin responsabillity.
> And its forced us to re-invent many wheels already implemented at filesystem
> security level

>> That's one task for DBMS_JAVA-like package that I want in FB.
> Take some ideas from other DBMSs is a good practice. But only when we
> take really good ideas ;) Or i can said another - not all things good for Oracle
> good for Firebird also ;)
> I just don't want to make FB more complex that it absolutely needed.
It should be usable.

AFAIK, FB is not near success in ISP's, where MySQL dominates.

What I'm proposing is not good only for this type, but is proper
security in general.

Do we want the lack (for create database, backup, and everything except
insert/execute/select/delete) of FB security in this new area too?

> My point is that this is sysadmin's responsibility to not let suspect code
> into his system
This is not how things works in Java, sorry.

We don't need to show source code to say that something will not do bad

> What is "site" in your analogue ? OCX == external code (non SQL procedure),
> computer == computer ;) applets == external code (non SQL procedure) but what
> is a "site" ? And applets executed in\by browser (== firebird ?), not in computer.
Sorry, but I'll not comment this. :-)

You certainly understand what I'm talking.

SysAdmin can trust my Java code to run in *his* configured sandbox, but
not my binary code.

>> But it runs in fbserver space, no? How can fbserver be allowed to write
>> to filesystem then?
> In properly tuned system fbsever allowed to write at very limited palces in FS.
> And only sysadmin know where this places are. And sysadmin may change it
> as he(she) needed. Any other code executed inside fbserver don't know this
> places too. Thus it can't write into FS
Security by obscurity, right? :-)

>> Sorry, but I'm not understand your question about J2SE security and
>> fbserver.exe.
> Can one tune J2SE security on per-process basis ? I.e. - allow some process
> to do something (load java class and run it, for example). Or how it is worked ?
Yes, each process loads one JVM and AFAIK, each ClassLoader (one for
each DB user) can also have different security policies.