Menu
▾
▴
Re: [Firebird-devel] FB/Java embedded connections - proposed solution for Firebird and Jaybird
|
From: Adriano d. S. F. <adr...@gm...> - 2016-05-20 10:55:51
|
On 20/05/2016 05:37, Dmitry Yemanov wrote: > 20.05.2016 11:32, Mark Rotteveel wrote: >>> If it's about routine in machine codes such routine should not exist on >>> server. Nor in UDF, nor in plugins. No other solutions. >>> What about Java - I hope call to dynamic library loader can be >>> restricted by VM? >> Yes it can, but for example the client library (and embedded engine) is >> already loaded because that is used by FB/Java itself, so it is available. > But if we can protect external connections within the active (already > loaded) library and if JVM can protect from loading other libraries, > together it could solve the issue. > > As I said: - FB/Java can control permissions - It needs to connect to user databases and java-security.fdb without knowing password - It needs to verify (itself or in Firebird) user names and passwords So if engine does not verify it, we should create a service specific for that: verify user names and passwords. Looks bad solution than initial one presented in this thread. Adriano |
