Subject | Re: [firebird-support] Re: Hundreds of Generators |
---|---|
Author | Geoff Worboys |
Post date | 2010-04-30T07:58:28Z |
Lester Caine wrote:
> Dunbar, Norman wrote:
>> Morning Geoff,
>>
>>>> ... it does pay to remember one other thing
>>>> about generators: their total lack of security!
>>>>
>>>> Until that long standing hole gets filled there are some
>>>> purposes for which generators are not appropriate.
>>
>> I've never heard of this problem. Would you please elaborate (or point
>> me at a document online).
> There are no 'privileges' for generators? Anybody can change them ...

See the very brief (but accurate :-) tracker entry:
http://tracker.firebirdsql.org/browse/CORE-1141
Not to mention being able to drop them:
http://tracker.firebirdsql.org/browse/CORE-304
There is also the long standing issue relating to all metadata:
any user can create any metadata object they like... unless it
already exists. In a situation where a system may be regularly
creating objects (eg: generators) as part of some internal
process the ability for any user to create their own objects
_could_ be a security problem.
I can't actually find a tracker entry for the generic create
object problem (it does affect all metadata)... but someone has
recognised the problem exists with UDFs:
http://tracker.firebirdsql.org/browse/CORE-687
I guess the vulnerability of a user accessing executable
code is seen as potentially worse than being able to disrupt
or affect other parts of database operation with normal PSQL.
--
Geoff Worboys
Telesis Computing