|Subject||Re: [Firebird-Architect] External engines - security|
> I'm saying just the contrary, since we can't do this but want usable (asWhat exactly benefits do we get with such GRANT?
> PSQL) Java procedures, we need server permissions to define external
> procedures per language.
> GRANT USAGE ON LANGUAGE JAVA TO USER NORMAL_USER1 WITH GRANT OPTION;
> GRANT USAGE ON LANGUAGE DELPHI TO USER SUPER_USER1;
- This GRANT is useless if SUPER_USER1 does not get a chance to put his
DLL on the file system after convincing sysdba about the safety of the
- This GRANT gives a false feeling about safety if we store DLLs in
BLOBs - correctly written trojan or virus won't leave traces in the
system, so sysdba and not SUPER_USER1 will be the main suspect in case
of attack. Considering that these guys are quite paranoid, the won't
allow using such feature at all.
So, I see little use of this GRANT at the moment. Also, if in the future
we find out that people do need it, this change would not require
re-coding the external procedures from the scratch. At most a minor ODS
change will be needed.