Subject Re: [Firebird-Architect] External engines - metadata
Author Jim Starkey
Alex Peshkov wrote:
> Certainly, we must have well defined user's rights related with defining
> external routines. Without it we can easily return to problems, when any user
> with valid FB login may execute any code in context of firebird server. For
> example, if any user would be able to create database (becoming it's owner)
> like now, being DBO should not be enough to define external routines in that
> database. With Java we may be can use J2SE to limit what class does, but with
> Delphi - hackers will say 'Thanks, guys' :).
If security is handled correctly -- an external procedure has the
maximum of user's login rights and any rights explicitly granted to the
procedure (has anyone thought about this yet?). Except for privileges
granted to a procedure, normal security should suffice since, after all,
the procedure can't do anything that the user couldn't do himself
(again, except for privileges granted to the procedure).