Subject Re: [Firebird-Architect] External engines - metadata
Author Vlad Khorsun
>> Why ? Why Java classes is better than current UDF's ? It is safe ?
>> Really ? Or sysadmin (not dba !) must configure Java on his computer
>> first to make is safe ? And made it not usable at the same time if classes
>> want to do something forbidden ;)
> Vlad, the default installation can prohibit outgoing socket connections
> and read the firebird.conf for other parameters.

My point is that sysadmin must be able to configure JVM inside Firebird.
Not dba, not database users, but sysadmin. Where this configuration would
be stored - is second question (but for sure not in firebird.conf :)


>> I (ISP) don't trust you (dba). Remember it ;) Hence there is no sence
>> to configure Java security through database.
> Well... sure an ISP has to be paranoid, but I do think that even
> paranoid admins see no danger creating
> /tmp/firebird/java/<database_name> directories and by default give rw
> rights on it to firebird Java plugin. If dba wants to restrict the
> access more, I see no reason to deny this. But anyway, this is not
> relevant at the moment.

Agree, not relevant .