db-derby-dev mailing list archives

From Oystein.Grov...@Sun.COM (Øystein Grøvlen)
Subject Re: Application code inspecting Derby's embedded objects
Date Fri, 06 Jan 2006 08:10:34 GMT
>>>>> "RH" == Rick Hillegas <Richard.Hillegas@Sun.COM> writes:

    RH> These are useful checks. It reminds me of how vulnerable we are given
    RH> all the ways that users can inject code into the database. A malicious
    RH> or buggy function/procedure/aggregate/adt/vti could probably find a
    RH> way to mount a denial of service attack. Our user documentation should
    RH> point out the importance of tightly restricting who can inject
    RH> code. As you note, GRANT/REVOKE will be our first line of defense.

Does the current GRANT/REVOKE work include a specific privilege for
creating stored procedures?

-- 
Øystein

