On 05/20/2016 01:54 PM, Adriano dos Santos Fernandes wrote:
> On 20/05/2016 05:37, Dmitry Yemanov wrote:
>> 20.05.2016 11:32, Mark Rotteveel wrote:
>>>> If it's about routine in machine codes such routine should not exist on
>>>> server. Nor in UDF, nor in plugins. No other solutions.
>>>> What about Java - I hope call to dynamic library loader can be
>>>> restricted by VM?
>>> Yes it can, but for example the client library (and embedded engine) is
>>> already loaded because that is used by FB/Java itself, so it is available.
>> But if we can protect external connections within the active (already
>> loaded) library and if JVM can protect from loading other libraries,
>> together it could solve the issue.
>>
>>
> As I said:
> - FB/Java can control permissions
> - It needs to connect to user databases and java-security.fdb without
> knowing password

That's not a problem.

> - It needs to verify (itself or in Firebird) user names and passwords

What about use of security context of connection from which Java was called when no login/password provided?

> So if engine does not verify it, we should create a service specific for
> that: verify user names and passwords. Looks bad solution than initial
> one presented in this thread.

Engine _can_ verify login/password but this is not default for it. Can FB/Java add to DPB, passed by user in attachDatabase, specific tag (i.e. isc_dpb_validation_needed)? That will be enough.

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel