Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Roman Rokytskyy wrote:
> The item b) allows very important usage scenario for us. If sysadmin is
> willing to protect his host from spam sending, but does not want to
> prohibit access to remote Firebird servers (not limiting the access to a
> particular host or port), it can give a socket opening permission to
> Jaybird, while prohibiting it to others. If Jaybird would perform all
> socket access in doPrivileged(...) part (currently it doesn't), you get
> a system where it is possible to query remote Firebird databases, but be
> still protected from spam-sending functionality.

Roman, can't we have a directory structure like this:

    FB/java/classpath
    FB/java/classpath/sys
    FB/java/classpath/user

And consider classpath/sys and classpath/user as different code sources
with different permissions?

Then we put Jaybird in classpath/sys and users' classes should be put in
classpath/user.

And in the future, with classes in blobs, that will be another code source.


Adriano
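
The layout proposed above combined with the doPrivileged pattern from the quoted text, as an added example that is not part of the original message and not Jaybird or Firebird code. It assumes a JVM where the Security Manager is still available (it is permanently disabled from JDK 24); the /FB root and the SysConnection class are hypothetical.

```java
// Added example; class and path names are hypothetical, not Jaybird/Firebird code.
// Policy file (standard java.policy syntax), root path /FB is a placeholder:
//
//   grant codeBase "file:/FB/java/classpath/sys/-" {
//       permission java.net.SocketPermission "*", "connect,resolve";
//   };
//   grant codeBase "file:/FB/java/classpath/user/-" {
//       // deliberately no SocketPermission
//   };
//
// Compiled into classpath/sys. User code in classpath/user calls open();
// a direct "new Socket(...)" from user code throws SecurityException.
import java.io.IOException;
import java.net.Socket;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class SysConnection implements AutoCloseable {
    // Kept private: returning the raw socket would hand user code the
    // very capability the policy withholds from classpath/user.
    private final Socket socket;

    private SysConnection(Socket socket) {
        this.socket = socket;
    }

    public static SysConnection open(final String host, final int port)
            throws IOException {
        try {
            // doPrivileged stops the permission check at this frame, so only
            // this class's code source (classpath/sys) needs SocketPermission.
            Socket s = AccessController.doPrivileged(
                    (PrivilegedExceptionAction<Socket>) () -> new Socket(host, port));
            return new SysConnection(s);
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // only checked type thrown above
        }
    }

    public boolean isConnected() {
        return socket.isConnected();
    }

    @Override
    public void close() throws IOException {
        socket.close();
    }
}
```

The policy takes effect when the JVM is started with -Djava.security.manager and -Djava.security.policy pointing at the policy file.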