On 13/12/2021 07:14, Alex Peshkoff via Firebird-devel wrote:
>> The problem is that if it's available in the server, it can be declared
>> in all databases.
> 
> But since v.3 we have control on access to UDR. I suppose DS meant
> something like this:
> 
> # ./isql -user guest employee
> Database: employee, User: GUEST
> SQL> select sum_args(1,2,3) from rdb$database;
> Statement failed, SQLSTATE = 28000
> no permission for EXECUTE access to FUNCTION SUM_ARGS
> SQL>
> 

There is server administrator, database administrators and database
developers.

Server administrator manages things directly in the server, has access
to file system, can run processes, etc.

Database administrator does not always have access to full server.

And database developers create code (or declare external routines) in
database.

If server administrator put an UDR (or better, any external routine)
library in server, it's available to all database developers. That may
work for some environments, but is definitively a problem for some
environments (where server administrator cannot 100% trust database
developers) if the UDR can access server resources or even others
Firebird databases. So some UDR may need to have its own permission
system (verified by server administrator).

In FB/Java that was resolved with FB/Java security database and Java
sandbox security. But this Java security is deprecated in last Java
release. This was good in the era of applets and application servers,
but world moved on.

In these days of micro services, security is managed at the container
level. If we want to follow that path external routines would need to
run in containers and there must be a cloop proxy for out-of-process
calls of our interfaces methods going to the Firebird server.


Adriano


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to