16.07.2021 13:03, Dimitry Sibiryakov wrote:
16.07.2021 11:52, Vlad Khorsun wrote:
We need a way to know when application uses BLR API directly.
Direct BLR compilation won't have DSQL prepare event with the same statement
ID. Isn't it enough for this topic's purpose?..
There are another purposes. Security is most important.
I.e. trace_blr_compile is very different from trace_generated_blr
from securty POV (at least).
But sent data is exactly the same so what's the difference?
Difference is huge - origin of event. Some apps could try to hide suspicious
operations from DB audit using BLR API. Currently it could be tracked using
trace_blr_XXX events. Usually these events is absent or very rare. If we start
to generate such events for every DSQL statement it will make task of auditor
much harder. Also, it will make trace/audit logs size much larger and could
lower overall system performance.
Regards,
Vlad
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
