Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Postgree has multi-language for long time, and here explain how they
work re. security:
http://yaofeng.cdut.cn/postgre/7.3/sql-createlanguage.html

There is TRUSTED and non-TRUSTED languages.

Something about Informix:
http://publib.boulder.ibm.com/infocenter/idshelp/v111/index.jsp?topic=/com.ibm.ddi.doc/ddi108.htm

A mix of these two schemes seems perfect to me.

External engine configuration file defines if language is trusted or not.

For TRUSTED languages, database owner can ex:
GRANT USAGE ON LANGUAGE JAVA TO user1 [WITH GRANT OPTION]

For non-TRUESTED languages, only SYSDBA can do this.


Adriano


Jim Starkey wrote:
> Gentlemen, may I make a modest suggestion? Rather than approaching this
> questions as if you were the only people on earth, why don't you start
> by examining other database systems with external user defined
> procedures? This would not constrain your choices but might shorten
> both the discussion and trial and error phases.
>
> Netfrastructure, as you are aware, supports only Java procedures. It
> has a custom JVM to support dynamic class loading for development and a
> non-blocking garbage collector, but these are not essential. What is
> essential is rigorous security and consistent transactional semantics.
>
> Although the Falcon code that interacts with the JVM is open, the JVM
> itself is not yet open source. But, if anyone has any questions has to
> how Netfrastructure resolved the questions you are now considering,
> please ask and I will do my best to explain.
>
>
>
> Yahoo! Groups Links
>
>
>
>