|Subject||Re: [Firebird-Architect] External engines - metadata|
>>>> If Java security manager may give disk access permissions to classesConsider the case of ISP. The sysadmin defines permissions common for
>>>> by its name, why do we need to integrate (read - re-invent) this functionality
>>>> into FB ?
>> Vlad, we didn't need to reinvent anything.
>> We just need a way to configure Java security though the database,
>> instead of editing JVM configuration files.
> Why though the database ??? Give me a reasons, please
all databases (read users) of the system. For example it defines that
each database can do something on the file system in user home directories.
Now we have a database admin creating a database and he decides that he
gives a possibility to deploy new Java procedures to Ann (should be
handled via something like GRATE CREATE PROCEDURE), but the procedures
should be able to access files only in a particular directory.
So, you need both - one "per-server" configuration (can be a file) and
per-database (either via database or file). Database looks more natural
(but at the same time I object to extend our DDL/DML commands -
management procedures exported by plugin should be enough).