Subject Re: [Firebird-Architect] External engines - metadata
Author Adriano dos Santos Fernandes
Vlad Khorsun wrote:
>> It's related, as a "second version" of Java plugin may not have
>> necessary foundations to work.
> We not going to change plugin interface v1 in v2 of this interface.
> Only extend it when necessary. And i still see no relation between
> all this security questions and interface between plugin and engine
We're discussing the metadata, no? :-) See subj. :-)
I'm also sorry to have started this discussion in a non appropriate
moment, but I missed about the conference.

The interface is not related with we're discussing now...

But engine support must handle even future security needs well, and that
should be done from the start.

>> Yes it's safe because it runs in JVM, or in a managed environment in MS
>> words for .NET.
> Its safety depends on how its tuned
Yes, but my point is that binary code can't be much safe even if well tuned.

>>> And made it not usable at the same time if classes
>>> want to do something forbidden ;)
> Sysadmin might forbid, for example, to create sockets or close some ports
> on firewall while new Java procudere might want to use it.
That will be a sysadmin fault.

>> But DBA will can revoke privileges per user.
> Why DBA must think about file-level privileges ??? He must think about
> _database_ and _database objects_. All other is sysadmin's responsibility
Sysadmin may tell DBA that JVM is configured (by sysadmin) to allows
file writes at directory /databases/<db name>/*.

But SYSDBA/db-owner do not want every database user to write to this

Each one control his environment:
sysadmin protects server
sysdba protects database and resources used by it

>>> Again, please, define goals and problems. Imagine i know nothing
>>> about Java, JMV, Java security etc...
>> I imagined, as that seems to be true. :-)))
> We talking about our own imaginations. As you started this discussion,
> i ask you to be more clear and concrete ;) Examples or links to the other's
> documentations might be big help
Sorry, J2SE security, class loaders, or loading JVM inside application
is things I'm not expert, even programming in Java everyday.

So I can't just ask Google for links and put here. ;-)