Subject | Re: [Firebird-Architect] External engines - security |
---|---|
Author | Roman Rokytskyy |
Post date | 2007-10-22T15:18:09Z |
Adriano dos Santos Fernandes wrote:
> Roman Rokytskyy wrote:
>>> GRANT USAGE ON LANGUAGE JAVA TO USER NORMAL_USER1 WITH GRANT OPTION;
>>> GRANT USAGE ON LANGUAGE DELPHI TO USER SUPER_USER1;
>>>
>> What exactly benefits do we get with such GRANT?
>>
>> - This GRANT is useless if SUPER_USER1 does not get a chance to put his
>> DLL on the file system after convincing sysdba about the safety of the
>> code.
>>
> It's not useless. Did you think current UDF security is good then?

No, but we're discussing the external procedures, not security in
general. I agree that they are dependent, but addressing the issue here
is a wrong place, from my POV.

> We can have two databases with two different owners, but there is only
> one place for UDF (and hence for external procedures).

This must not be the case with external procedures. I still want to have
a separate plugin for Delphi/C++ code, and this plugin can handle
multiple locations.

> If a non-privileged user can guess (it could be one well known) the name
> of that module, he can use it.

Yes, he can. But please, let's concentrate on the external procedures.

Roman
P.S. If we decide that we want grants for UDFs, then we can address the
grants for procedures in one go. Also Red Soft did a big research about
the security issues in Firebird and they are willing to address them in
their builds. Even if they do not contribute the code (and I hope they
will), we will see the changes in their feature list and we can play
then the Borland's game and take the idea from them.