From: Alex P. <pes...@ma...> - 2016-05-20 11:04:36
On 05/20/2016 01:54 PM, Adriano dos Santos Fernandes wrote:
> On 20/05/2016 05:37, Dmitry Yemanov wrote:
>> 20.05.2016 11:32, Mark Rotteveel wrote:
>>>> If it's about routine in machine codes such routine should not exist on
>>>> server. Nor in UDF, nor in plugins. No other solutions.
>>>> What about Java - I hope call to dynamic library loader can be
>>>> restricted by VM?
>>> Yes it can, but for example the client library (and embedded engine) is
>>> already loaded because that is used by FB/Java itself, so it is available.
>> But if we can protect external connections within the active (already
>> loaded) library and if JVM can protect from loading other libraries,
>> together it could solve the issue.
>>
>>
> As I said:
> - FB/Java can control permissions
> - It needs to connect to user databases and java-security.fdb without
> knowing password

That's not a problem.

> - It needs to verify (itself or in Firebird) user names and passwords

What about use of security context of connection from which Java was called when no login/password provided?

> So if engine does not verify it, we should create a service specific for
> that: verify user names and passwords. Looks bad solution than initial
> one presented in this thread.

Engine _can_ verify login/password but this is not default for it. Can FB/Java add to DPB, passed by user in attachDatabase, specific tag (i.e. isc_dpb_validation_needed)? That will be enough.