Adriano dos Santos Fernandes wrote:

> Roman Rokytskyy escreveu:
>>> GRANT USAGE ON LANGUAGE JAVA TO USER NORMAL_USER1 WITH GRANT OPTION;
>>> GRANT USAGE ON LANGUAGE DELPHI TO USER SUPER_USER1;
>>>
>> What exactly benefits do we get with such GRANT?
>>
>> - This GRANT is useless if SUPER_USER1 does not get a chance to put his
>> DLL on the file system after convincing sysdba about the safety of the
>> code.
>>
> It's not useless. Did you think current UDF security is good then?

No, but we're discussing the external procedures, not security in
general. I agree that they are dependant, but addressing the issue here
is a wrong place, from my POV.

> We can have two databases with two different owners, but there is only
> one place for UDF (and hence for external procedures).

This must not be the case with external procedures. I still want to have
a separate plugin for Delphi/C++ code, and this plugin can handle
multiple locations.

> If a non-privileged user can guess (it could be one well known) the name
> of that module, he can use it.

Yes, he can. But please, let's concentrate on the external procedures.

Roman

P.S. If we decide that we want grants for UDFs, then we can address the
grants for procedures in one go. Also Red Soft did a big research about
the security issues in Firebird and they are willing to address them in
their builds. Even if they do not contribute the code (and I hope they
will), we will see the changes in their feature list and we can play
then the Borland's game and take the idea from them.