Subject Re: [firebird-support] Re: Hundreds of Generators
Author Geoff Worboys
Lester Caine wrote:
> Dunbar, Norman wrote:
>> Morning Geoff,
>>>> ... it does pay to remember one other thing
>>>> about generators: their total lack of security!
>>>> Until that long standing hole gets filled there are some
>>>> purposes for which generators are not appropriate.
>> I've never heard of this problem. Would you please elaborate (or point
>> me at a document online).

> There are no 'privileges' for generators? Anybody can change them ...

See the very brief (but accurate :-) tracker entry:

Not to mention being able to drop them:

There is also the long standing issue relating to all metadata:
any user can create any metadata object they like... unless it
already exists. In a situation where a system may be regularly
creating objects (eg: generators) as part of some internal
process the ability for any user to create their own objects
_could_ be a security problem.

I cant actually find a tracker entry for the generic create
object problem (it does effect all metadata)... but someone has
recognised the problems exists with UDFs:
I guess the vulnerability of a user accessing to executable
code is seen as potentially worse than being able to disrupt
or effect other parts of database operation with normal PSQL.

Geoff Worboys
Telesis Computing