Alex Peshkov wrote:

>> Let me explain my doubts... If trusted auth. is enabled in a server,
>> attachments from *this* server may not need password and may be SYSDBA,
>> correct?
>>
>
>
>> And the same question for C plugin that tries to connect to localhost
>> via fbclient.
>>
>
> Let me begin with this question which is very simple. No problems with such
> connections. They pass through remote layer, which strips all internal (like
> you have correctly called them) tags from DPB. Therefore - no, it can't.
>

But this type of connection go to normal (not know to server) fbclient.
Therefore, isn't this connection from a normal trusted client and
trusted auth will be allowed?

>
>> In this case, if a remote user calls an external function that goes to
>> Java plugin and calls Jaybird that try to connect to another database,
>> won't this connection be able to log as SYSDBA?
>>
>
> If we use same VM as for embedded connections - yes, it can. And that's not
> good. Therefore such VM which may be called trusted for use as server plugin,
> should itself strip internal tags from DPB. I'm absolutely sure it's
> possible.
>

Yes.

>> If we deploy trusted Java plugin, code running inside JVM should not do
>> bad things to the server, for example.
>>
>
> Agreed. And it should watch Java code, running on it, not to do bad things
> too.
>

Yes.

> Another idea - to be able to configure untrusted plugins as running not in
> firebird server process context. Imagine them placed in separate process,
> using something like XNET (or OLE) to call external functions. Themself such
> external functions will be able to connect back to firebird server usign any
> remote protocol available. Doing so we let people choose between performance
> and safety.

This may be possible, but I think we should let third party create this
plugin. :-)


Adriano