Mike Matrigali wrote:


Rick Hillegas (JIRA) wrote:
[ https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12511221 ]
Rick Hillegas commented on DERBY-2437:
--------------------------------------

I am trying to wrap my mind around how much incremental exposure is introduced by the ability to import/export LOBs. In a properly secured system, this power would be limited to the database owner. Currently, the database owner enjoys godlike powers, including the ability to read and change everyone's passwords. If I were a DBA bent on increasing my salary, I don't think I would use import/export to do this. The following seems like a much more straightforward approach:

This is what I have been looking for. What does a properly secured system do to prevent import/export? I have been looking around in the documentation but am not quite sure where to look. Is this a grant/revoke thing?

Hi Mike,

Yes, import/export privileges are controlled by GRANTing/REVOKEing EXECUTE privilege on the import/export system procedures. By default, only the database owner has that privilege. Like you, I am puzzled about where we document this. I glanced at the user guides quickly but couldn't figure it out.

Regards,
-Rick
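
The grant/revoke control described in this reply, as an added example that is not part of the original thread: it assumes the database runs with `derby.database.sqlAuthorization=true`, that the statements are issued by the database owner, and that `APP_LOADER` is a hypothetical user name.

```sql
-- Added example; APP_LOADER is a hypothetical user, not a name from the thread.
-- Run as the database owner with SQL authorization enabled.

-- 1. Audit: list explicit EXECUTE grants recorded in the catalog for the
--    import/export system procedures (including the LOB variants).
SELECT p.GRANTEE, p.GRANTOR, a.ALIAS AS PROCEDURE_NAME
FROM SYS.SYSROUTINEPERMS p
JOIN SYS.SYSALIASES a ON p.ALIASID = a.ALIASID
JOIN SYS.SYSSCHEMAS s ON a.SCHEMAID = s.SCHEMAID
WHERE s.SCHEMANAME = 'SYSCS_UTIL'
  AND (a.ALIAS LIKE 'SYSCS_IMPORT%' OR a.ALIAS LIKE 'SYSCS_EXPORT%')
ORDER BY a.ALIAS, p.GRANTEE;

-- 2. Delegate only what a loader account needs: LOB import, no export.
GRANT EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_IMPORT_TABLE_LOBS_FROM_EXTFILE
  TO APP_LOADER;

-- 3. Withdraw the privilege when it is no longer needed.
--    Derby requires the RESTRICT keyword when revoking EXECUTE.
REVOKE EXECUTE ON PROCEDURE SYSCS_UTIL.SYSCS_IMPORT_TABLE_LOBS_FROM_EXTFILE
  FROM APP_LOADER RESTRICT;

-- 4. Re-run the audit query from step 1 and confirm APP_LOADER is gone.
--    Any row with GRANTEE = 'PUBLIC' on an import/export procedure means
--    every authenticated user can read or write files through the engine.
```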
