On 05/20/2016 12:39 PM, Dimitry Sibiryakov wrote: > 19.05.2016 23:26, Leyne, Sean wrote: >>>> Is there a way to prevent Java applet from using anything from out of >>>> database (other applets, native libraries and so on)? >> But how far would the prevention go? > AFAIU, the root of the problem is that (in contrast with UDF) any user > can load to > database any Java code he wants and then execute it with full rights.
Exactly. Our task to make that rights not too full. > To connect to any database this Java code must load Jaybird and Jaybird > must load > fbclient. Here we can stop it, denying to load native fbclient. In this case > the code will > have to use Jaybird in protocol emulation mode which doesn't allow embedded > connections. > It even may allow embedded connection but (depending upon provided user name in DPB or not) perform authentication or place into DPB auth block from original connection. This will efficiently block attempts like 'isql -user sysdba dbname'. ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
