cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Does there any concerns about set sqlscript_mode to unsecure?

Go to solution
scott_xu
Explorer

‎03-30-2017 9:58 PM - edited ‎02-03-2024 8:57 PM

0 Kudos

We need create a stored procedure as design time object. one of the option is access mode (either read only or read/write). To make it read/write, I need to modify the parameter sqlscript_mode to UNSECURE. I am just wandering if there are any secure concerns on this change.

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

pfefferf
Active Contributor
‎03-31-2017 12:09 PM
0 Kudos

The setting steers "only" that repository procedures can be created with read/write mode. So you will not have any general security related concerns changing that setting.

But of course you have to deal with the authorization requirements which comes up for the write access (are people actually allowed to execute DML operations or to execute dynamic code which is then also allowed). You have to think about that and maybe have to adjust your authorization setup.

You should also consider DEFINER mode procedures which are executed with the technical _SYS_REPO user (spoken for XS Classic). If a user has the authorization to execute such a DEFINER mode (write) procedure, which is then running technically with user _SYS_REPO, some "unwanted" side effects can occur.

Best Regards,
Florian

Show replies
Show replies
scott_xu
Explorer
‎03-31-2017 1:39 PM
0 Kudos

Thanks Florian for your comments here. It's really help.

Answers (0)

Ask a Question