Hans Zeller created TRAFODION-2555:
--------------------------------------
Summary: Document security implications of UDRs more clearly
Key: TRAFODION-2555
URL: https://issues.apache.org/jira/browse/TRAFODION-2555
Project: Apache Trafodion
Issue Type: Bug
Reporter: Hans Zeller
Assignee: Hans Zeller
Right now, our manuals don't make it clear enough that Trafodion UDRs
(User-defined Routines, that is a general term for UDFs and stored procedures)
are "trusted". "Trusted" in this context means that they run as the Trafodion
user id and therefore the code can bypass any security check and access any
data stored in the Trafodion cluster. This is similar to trusted UDRs in other
database systems like Oracle or DB2. Trafodion currently does not support the
"isolated" flavor (called "fenced" in DB2). We need to add this information to
the documentation we have.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
