On 05/20/2016 10:17 AM, Dmitry Yemanov wrote: > What about a new parameter in firebird.conf: EmbeddedDatabaseAccess, > defaulted to "Restrict Self" (which is OK for 99% embedded apps)?
Sorry looks like I do not understand what is suggested. What else values can have that parameter? > It will be checked for outgoing embedded connections, as they're usually > (*) handled by the same engine. As far as I understand Java (may be not very good) there is a layer between Java code trying to attach to database and yvalve, i.e. Java code can't call Provider::attachDatabase() directly. Am I right? If yes we already have working solution in extds. > Remote connections will be always > allowed and protected by the generic authentication. > > (*) The problem here is what to do if the external routine explicitly > loads a different y-valve with possibly different engine (using a > different configuration). > If it's about routine in machine codes such routine should not exist on server. Nor in UDF, nor in plugins. No other solutions. What about Java - I hope call to dynamic library loader can be restricted by VM? ------------------------------------------------------------------------------ Mobile security can be enabling, not merely restricting. Employees who bring their own devices (BYOD) to work are irked by the imposition of MDM restrictions. Mobile Device Manager Plus allows you to control only the apps on BYO-devices by containerizing them, leaving personal data untouched! https://ad.doubleclick.net/ddm/clk/304595813;131938128;j Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
