Subject Re: [Firebird-Architect] External engines - metadata
Author Adriano dos Santos Fernandes
Vlad Khorsun wrote:
>>> From the ISP's point of view this is not security. And we talk here about ISP,
>>> isn't it?
>>>
>> I won't argue a lot on this topic
>>
>
> Ok
>
>
>>> While I can't agree it's necessary, I do not object until all plugins are equal for
>>> the engine. Each plugin, like any other application, may create its objects in the database.
>>> If it is granted to do it ;)
>>>
>> Are you thinking something like GRANT CREATE TABLE TO PLUGIN JavaESP?
>>
>
> No, of course not. But when will the plugin create its objects? When it's registered
> by SYSDBA? Then we need some kind of predefined event for the plugin.
It may be when SYSDBA grants language usage to a user.

> Or on first reference? Then we have no guarantee that the current user has the necessary privileges
> to create tables (the plugin has no login of its own and can access the database using the current
> user's credentials). Also the current user becomes the owner of objects created by the plugin -
> I don't like it.
But here we have a problem.

If plugin tables are owned by SYSDBA, how will it work with tables in
user context?

Note that security plugin tables should not be accessible to users and
classes stored in blobs should only be accessible to whoever owns them.


Adriano