Now I understand what you mean by this... after reading Oystein's question. The current proposal only has the EXECUTE privilege to allow executing procedures and functions. The creator of the routine can define whether it needs to be executed as the invoker or the definer.

A lot more could be done to enhance Derby's security and access control areas.

Satheesh

Francois Orsini wrote:
There is no support for "create privileges" (which are part of "system" ones) currently in phase I of grant/revoke - Am looking at system privileges to support for Derby at a minimum and will be posting something soon. Phase I deals with object privileges at the moment.

--francois

On 1/6/06, Øystein Grøvlen <[EMAIL PROTECTED]> wrote:
>>>>> "RH" == Rick Hillegas <[EMAIL PROTECTED]> writes:

    RH> These are useful checks. It reminds me of how vulnerable we are given
    RH> all the ways that users can inject code into the database. A malicious
    RH> or buggy function/procedure/aggregate/adt/vti could probably find a
    RH> way to mount a denial of service attack. Our user documentation should
    RH> point out the importance of tightly restricting who can inject
    RH> code. As you note, GRANT/REVOKE will be our first line of defense.

Does the current GRANT/REVOKE work include a specific privilege for
creating stored procedures?

--
Øystein

