Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Alex Peshkov escreveu:
> On Monday 22 October 2007 19:03, Adriano dos Santos Fernandes wrote:
>
>> Roman Rokytskyy escreveu:
>>
>>>> GRANT USAGE ON LANGUAGE JAVA TO USER NORMAL_USER1 WITH GRANT OPTION;
>>>> GRANT USAGE ON LANGUAGE DELPHI TO USER SUPER_USER1;
>>>>
>>> What exactly benefits do we get with such GRANT?
>>>
>>> - This GRANT is useless if SUPER_USER1 does not get a chance to put his
>>> DLL on the file system after convincing sysdba about the safety of the
>>> code.
>>>
>> It's not useless. Did you think current UDF security is good then?
>>
>> We can have two databases with two different owners, but there is only
>> one place for UDF (and hence for external procedures).
>>
>> If a non-privileged user can guess (it could be one well known) the name
>> of that module, he can use it.
>>
>
> Do you want to say that UDF may be secure in one database, but insecure in
> another?
Do you have any doubt? :-)

Actually it's a problem even for different users of the same database.

Note first connection and second connection is from different users:

--------------
isql -u temp1 -p 1
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 't.fdb';
SQL> declare external function sign_blob(blob) returns blob entry_point
'sign_blob' module_name 'sign';
SQL> show function sign_blob;

Function SIGN_BLOB:
Function library is sign
Entry point is sign_blob
Argument 1: BLOB
Returns BLOB
SQL> exit;
--------------

--------------
isql -u temp2 -p 1 T.FDB
Database: T.FDB, User: temp2
SQL> show function;
SIGN_BLOB
SQL> show function sign_blob;

Function SIGN_BLOB:
Function library is sign
Entry point is sign_blob
Argument 1: BLOB
Returns BLOB
--------------

Do you think a digital signature function should be so unprotected?

This is one of things I'm using in Oracle, and I'm satisfied with they
security.


Adriano