From: Constantijn W. cw.s <cw...@xs...> - 2004-06-04 14:20:50
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content=3D"text/html;charset=3DISO-8859-15" http-equiv=3D"Content-Type"> <title></title> </head> <body bgcolor=3D"#ffffff" text=3D"#000000"> Daniel Rail wrote: <blockquote cite=3D"mid...@ac..." type=3D"cite"> <pre wrap=3D"">Hi, At June 4, 2004, 09:41, Constantijn Wolfs cw.s wrote: </pre> <blockquote type=3D"cite"> <blockquote type=3D"cite"> <pre wrap=3D"">Dmitry Yemanov wrote: It's not a bug, but as designed. EXECUTE STATEMENT doesn't inherit privileges of the procedure and the appropriate DSQL statement executed w= ith the current user's privileges. </pre> </blockquote> </blockquote> <pre wrap=3D""><!----> </pre> <blockquote type=3D"cite"> <pre wrap=3D"">You're right, sorry. I=A0 must read the releasenotes m= ore carefully.=20 Nevertheless it would be nice if it did; it is a psql extension, isn'tit?. </pre> </blockquote> <pre wrap=3D""><!----> I don't believe it would be nice. Because, it would be too convenient to be abused of. At the moment it is possible to pass the DSQL statement via a SP parameter to be used by EXECUTE STATEMENT. Now, imagine the possible risks if the wrong statement is passed(i.e.: DELETE FROM table), without any thought or maliciously(depending on application design and user access to admin applications). </pre> </blockquote> Hello Daniel,<br> <br> I don't see any relevance with the question at hand. Designers which give end users the possibility to damage the database through=A0 execution of free sqlstatement=A0 input must be banned to ..... <br> Enhancing security has a lot to do with the intuitive logic and predictability of the psql language. Users are granted execution rights of the sp's and nothing more. That also increases security.=A0 I my case I can build 40-50 different sp's to implement a rich search functionality, or i can build different statements in the sp according to the parameter input,. Normally by the sp "encapsulated" access rights to other database objects, must now be granted explicitely. That is inconsistent and a potential source of insecurity build in by other programmers less aware of this anomaly in logic (like me 5 hours ago).<br= > <br> </body> </html> |