Subject | Re: [Firebird-Architect] External engines - security |
---|---|
Author | Vlad Khorsun |
Post date | 2007-10-21T15:48:59Z |
> Postgree has multi-language for long time, and here explain how theyUSAGE ON LANGUAGE privilege gives ability to CREATE\DECLARE\ALTER\DROP
> work re. security:
> http://yaofeng.cdut.cn/postgre/7.3/sql-createlanguage.html
>
> There is TRUSTED and non-TRUSTED languages.
>
> Something about Informix:
> http://publib.boulder.ibm.com/infocenter/idshelp/v111/index.jsp?topic=/com.ibm.ddi.doc/ddi108.htm
>
> A mix of these two schemes seems perfect to me.
>
> External engine configuration file defines if language is trusted or not.
>
> For TRUSTED languages, database owner can ex:
> GRANT USAGE ON LANGUAGE JAVA TO user1 [WITH GRANT OPTION]
>
> For non-TRUESTED languages, only SYSDBA can do this.
PROCEDURE with this LANGUAGE ? And not to EXECUTE\SELECT ? Correct ?
If yes - i start understand what do you mean under "per language security". And
now it is clear and seems logical (but not necessary) for me.
I still not convinced we must implement privilege to call methods of Java classes which
is not registered (DECLARED) as PROCEDURE's
Regards,
Vlad