Hello, All!
Protectng metadata is good feature in IB 6.5, but not new.
I'm ready to dispute about header in readmeta.sql, blindmeta.sql, writemeta.sql:
/*
* Copyright (C) 2001 Borland Software Corporation
* All Rights Reserved.
* Contributor(s): ______________________________________.
*/
This can't be copyrighted, since one person named Michael Podstrechny
found this solution for IB 4.x and sent to me.
And I've PUBLISHED it in 1997:
(sorry that text in Russian, but that's as document was published
originally. We are only interested only in grant/revoke commands and idea itself)
http://ib.demo.ru/DevInfo/sysprot.htm
Original file date was lost, sorry, but anyway last change date is
29 october 1998.
So, I'm proud to say that EVERYONE can use this idea, without any
mention of Borland Software Corp. (with my respect to it).
I understand Borland's motivation, i.e. all included in distribution
must be marked. But in this situation they have no (c).
p.s. If I apply readmeta.sql on FB database, every user can create his
own tables. But he can't delete or edit records directly in RDB$.
(that's why I don't understand purpose of writemeta.sql - to enable
every user directly run 'delete from rdb$user_privileges' ?).
Blindmeta.sql hides everything (except for SYSDBA) - RDB$ are not
accessible and thus user can't select any data from any table.
So, as I understand, this feature (new 6.5 metadata protection) is in switching
off privileges check for system tables RDB$ ? In this case, I don't understand
why they need to be checked at all. Let engine check privileges for any objects,
except system.
p.p.s. it is much easier to cut some part of code, rather than to write new. Isn't it? :-)
--
Dmitry Kuzmenko, Epsylon Technologies.
|
