Subject Re: [Firebird-Architect] External engines - metadata
Author Adriano dos Santos Fernandes
Vlad Khorsun wrote:
>>> From the ISP's point of view this is not security. And we talk here about ISP,
>>> isn't is ?
>> I won't argue a lot on this topic
> Ok
>>> While i can't agree its necessary i not object until all plugins are equal for
>>> engine. Each plugin as any other application may create its objects in database.
>>> If it granted to do it ;)
>> Are you thinking something like GRANT CREATE TABLE TO PLUGIN JavaESP?
> No, of course no. But when plugin will create its objects ? When its registered
> by SYSDBA ? Then we need some kind of predefined event for plugin.
It may be when SYSDBA grant language usage to a user.

> Or on first reference ? Then we have no guarantee that current user have necessary privileges
> to create tables (plugin have no own login and can access database using current
> user credentials). Also current user became owner of objects created by plugin -
> i don't like it.
But here we have problem.

If plugin tables are owned by SYSDBA, how it will work with tables in
user context?

Note that security plugin tables should not be accessible to users and
classes stored in blobs should only be accessible to who own it.