Hans Zeller created TRAFODION-2555: -------------------------------------- Summary: Document security implications of UDRs more clearly Key: TRAFODION-2555 URL: https://issues.apache.org/jira/browse/TRAFODION-2555 Project: Apache Trafodion Issue Type: Bug Reporter: Hans Zeller Assignee: Hans Zeller
Right now, our manuals don't make it clear enough that Trafodion UDRs (User-defined Routines, that is a general term for UDFs and stored procedures) are "trusted". "Trusted" in this context means that they run as the Trafodion user id and therefore the code can bypass any security check and access any data stored in the Trafodion cluster. This is similar to trusted UDRs in other database systems like Oracle or DB2. Trafodion currently does not support the "isolated" flavor (called "fenced" in DB2). We need to add this information to the documentation we have. -- This message was sent by Atlassian JIRA (v6.3.15#6346)