|Subject||Re: [Firebird-Architect] External engines - metadata|
>>> Without it we can easily return to problems, when any userAlex gave the exact reason - without CREATE DATABASE privilege
>>> with valid FB login may execute any code in context of firebird server. For
>>> example, if any user would be able to create database (becoming it's owner)
>> Here we have a real problem - we must define and check privileges for
>> CREATE DATABASE at engine instance level.
>> My $0.02
> I don't understand this. Why is this necessary?
any user might create its own database, register there any dangerous
external procedure and execute it.
> And how could it beThis is not easy question. But we must found an answer, i think. One of
> implemented in the Firebird database model? Specifically, where would
> these permissions be defined and where would they be stored?
possible ways is to define centralised per- engine instance security database.
I.e. such engine instance level privileges might be stored in common