Subject Re: [Firebird-Architect] External engines - metadata
Author Roman Rokytskyy
> Why ? Why Java classes is better than current UDF's ? It is safe ?
> Really ? Or sysadmin (not dba !) must configure Java on his computer
> first to make is safe ? And made it not usable at the same time if classes
> want to do something forbidden ;)

Vlad, the default installation can prohibit outgoing socket connections
and read the firebird.conf for other parameters.

> I'm ISP\sysadmin. I'm allow you (dba) to run your database on my
> computer. I configure JVM and disallow any Java code to write into FS.
> You (dba) can't configure JVM instance hosted by database engine to do
> something i'm not allow. I (ISP) don't want to approve any of your UDF's
> independent on which language you write it. I (ISP) don't trust you (dba)
> to configure security on my machine. All i can allow you to do is to run
> database engine which is more or less trusted to me.

Correct.

> I (ISP) don't trust you (dba). Remember it ;) Hence there is no sence
> to configure Java security through database.

Well... sure an ISP has to be paranoid, but I do think that even
paranoid admins see no danger creating
/tmp/firebird/java/<database_name> directories and by default give rw
rights on it to firebird Java plugin. If dba wants to restrict the
access more, I see no reason to deny this. But anyway, this is not
relevant at the moment.

> But it is still required to allow\
> disallow users to execute procedures. Independent of language. And this is
> required by dba, not ISP.

Correct.

Roman