> Postgree has multi-language for long time, and here explain how they
> work re. security:
> http://yaofeng.cdut.cn/postgre/7.3/sql-createlanguage.html
>
> There is TRUSTED and non-TRUSTED languages.
>
> Something about Informix:
> http://publib.boulder.ibm.com/infocenter/idshelp/v111/index.jsp?topic=/com.ibm.ddi.doc/ddi108.htm
>
> A mix of these two schemes seems perfect to me.
>
> External engine configuration file defines if language is trusted or not.
>
> For TRUSTED languages, database owner can ex:
> GRANT USAGE ON LANGUAGE JAVA TO user1 [WITH GRANT OPTION]
>
> For non-TRUESTED languages, only SYSDBA can do this.

USAGE ON LANGUAGE privilege gives ability to CREATE\DECLARE\ALTER\DROP
PROCEDURE with this LANGUAGE ? And not to EXECUTE\SELECT ? Correct ?
If yes - i start understand what do you mean under "per language security". And
now it is clear and seems logical (but not necessary) for me.

I still not convinced we must implement privilege to call methods of Java classes which
is not registered (DECLARED) as PROCEDURE's

Regards,
Vlad