| Subject | Re: [Firebird-Architect] External engines - metadata |
|---|---|
| Author | Adriano dos Santos Fernandes |
| Post date | 2007-10-21T19:11:14Z |
Vlad Khorsun wrote:
I'm also sorry to have started this discussion in a non appropriate
moment, but I missed about the conference.
The interface is not related with we're discussing now...
But engine support must handle even future security needs well, and that
should be done from the start.
file writes at directory /databases/<db name>/*.
But SYSDBA/db-owner do not want every database user to write to this
directory.
Each one control his environment:
sysadmin protects server
sysdba protects database and resources used by it
is things I'm not expert, even programming in Java everyday.
So I can't just ask Google for links and put here. ;-)
Adriano
>> It's related, as a "second version" of Java plugin may not haveWe're discussing the metadata, no? :-) See subj. :-)
>> necessary foundations to work.
>>
>
> We not going to change plugin interface v1 in v2 of this interface.
> Only extend it when necessary. And i still see no relation between
> all this security questions and interface between plugin and engine
>
I'm also sorry to have started this discussion in a non appropriate
moment, but I missed about the conference.
The interface is not related with we're discussing now...
But engine support must handle even future security needs well, and that
should be done from the start.
>> Yes it's safe because it runs in JVM, or in a managed environment in MSYes, but my point is that binary code can't be much safe even if well tuned.
>> words for .NET.
>>
>
> Its safety depends on how its tuned
>
>That will be a sysadmin fault.
>>> And made it not usable at the same time if classes
>>> want to do something forbidden ;)
>>>
>
> Sysadmin might forbid, for example, to create sockets or close some ports
> on firewall while new Java procudere might want to use it.
>
>> But DBA will can revoke privileges per user.Sysadmin may tell DBA that JVM is configured (by sysadmin) to allows
>>
>
> Why DBA must think about file-level privileges ??? He must think about
> _database_ and _database objects_. All other is sysadmin's responsibility
>
file writes at directory /databases/<db name>/*.
But SYSDBA/db-owner do not want every database user to write to this
directory.
Each one control his environment:
sysadmin protects server
sysdba protects database and resources used by it
>>> Again, please, define goals and problems. Imagine i know nothingSorry, J2SE security, class loaders, or loading JVM inside application
>>> about Java, JMV, Java security etc...
>>>
>>>
>> I imagined, as that seems to be true. :-)))
>>
>
> We talking about our own imaginations. As you started this discussion,
> i ask you to be more clear and concrete ;) Examples or links to the other's
> documentations might be big help
is things I'm not expert, even programming in Java everyday.
So I can't just ask Google for links and put here. ;-)
Adriano