On 27/07/2011 10:00, Jim wrote: > "Of course, an alternative, as Alex Peshkoff mentioned: > If we vote for speed, the best choice will be use of precompiled > libraries - like with UDFs. > And like UDFs we leave it to sysadmin - not DBA." > ... we could just trust sysadmins to only upload proper code - seems > like a signed code approach might be a good first step...
From FB POV, signed code for sysadmin means nothing. Sysadmin should just be able to put files where it wants and like UDFs, if it's in the right place it should be used. What I see good about code signing is that sysadmin could delegate code installation to others users (or just the DBA) from remote*. So the certificate (public key) is put on the server, and anyone able to sign the binaries with the correspondent private key are good people. * In the Java plugin, users can install code (in the database) from client application or from already installed external routines. These external routines are just wrappers with runs the same client code, but now in the server. Adriano ------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
