Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Roman Rokytskyy wrote:
> The item b) allows very important usage scenario for us. If sysadmin is
> willing to protect his host from spam sending, but does not want to
> prohibit access to remote Firebird servers (not limiting the access to a
> particular host or port), it can give a socket opening permission to
> Jaybird, while prohibiting it to others. If Jaybird would perform all
> socket access in doPriviledged(...) part (currently it doesn't), you get
> a system where it is possible to query remote Firebird databases, but be
> still protected from spam-sending functionality.
Roman, can't we have a directory structure like this:

And consider classpath/sys and classpath/user as different code sources
with different permissions?

Then we put Jaybird in classpath/sys and users classes should be put in

And in the future, with classes in blobs, that will be another code source.