Re: Application code inspecting Derby's embedded objects

[Francois Orsini]

There is no support for "create privileges" (which are part of "system" ones) currently in the phase I of grant/revoke - Am looking at system prvileges to support for Derby at a minimum and will be posting something soon. Phase I deals with object privileges at the moment.

--francois

On 1/6/06, Øystein Grøvlen <[EMAIL PROTECTED]> wrote:

>>>>> "RH" == Rick Hillegas <[EMAIL PROTECTED]> writes:

    RH> These are useful checks. It reminds  me of how vulnerable we are given
    RH> all the ways that users can inject code into the database. A malicious
    RH> or  buggy function/procedure/aggregate/adt/vti  could probably  find a
    RH> way to mount a denial of service attack. Our user documentation should
    RH> point  out  the  importance  of  tightly restricting  who  can  inject
    RH> code. As you note, GRANT/REVOKE will be our first line of defense.

Does the current GRANT/REVOKE work include a specific privilege for
creating stored procedures?

--
Øystein