| Subject | Re: [Firebird-Architect] External engines - security |
|---|---|
| Author | Adriano dos Santos Fernandes |
| Post date | 2007-10-21T19:33:33Z |
Vlad Khorsun wrote:
classes.
That means I can deny/allow call for getClassLoader method for any Java
procedure that is declared.
So I write MyClass.myProcedure and register it in FB.
If MyClass.myProcedure calls a denyed method, JVM will throw a exception.
We'll not allow calls for non-registered methods directly from the database.
Adriano
>> Vlad Khorsun wrote:Correct.
>>
>>> USAGE ON LANGUAGE privilege gives ability to CREATE\DECLARE\ALTER\DROP
>>> PROCEDURE with this LANGUAGE ?
>>>
>> Yes, except DROP. DROP is handled by the ways we already use.
>>
>
> Hmm... why ?
>
>
>>> And not to EXECUTE\SELECT ? Correct ?
>>>
>>>
>> Yes.
>>
>
> Good ;)
>
>
>>> I still not convinced we must implement privilege to call methods of Java classes which
>>> is not registered (DECLARED) as PROCEDURE's
>>>
>> I don't understand. What you mean "call methods of Java classes which is
>> not registered"?
>>
>
> This is how i understand your phrase :
> ----
> Here is how this is handled in Oracle:
> dbms_java.grant_permission('USER_NAME',
> 'SYS:java.lang.RuntimePermission', 'getClassLoader', '' );
>
> So Java code in USER_NAME schema is allowed to call getClassLoader() method.
> ----
>
> As i understand "getClassLoader" is an Java method name, not registered
> external function.
> Am i wrong ?dbms_java.grant_permission controls J2SE security for code called inside
classes.
That means I can deny/allow call for getClassLoader method for any Java
procedure that is declared.
So I write MyClass.myProcedure and register it in FB.
If MyClass.myProcedure calls a denyed method, JVM will throw a exception.
We'll not allow calls for non-registered methods directly from the database.
Adriano