03-30-2017 9:58 PM - edited 02-03-2024 8:57 PM
We need create a stored procedure as design time object. one of the option is access mode (either read only or read/write). To make it read/write, I need to modify the parameter sqlscript_mode to UNSECURE. I am just wandering if there are any secure concerns on this change.
Thanks.
The setting steers "only" that repository procedures can be created with read/write mode. So you will not have any general security related concerns changing that setting.
But of course you have to deal with the authorization requirements which comes up for the write access (are people actually allowed to execute DML operations or to execute dynamic code which is then also allowed). You have to think about that and maybe have to adjust your authorization setup.
You should also consider DEFINER mode procedures which are executed with the technical _SYS_REPO user (spoken for XS Classic). If a user has the authorization to execute such a DEFINER mode (write) procedure, which is then running technically with user _SYS_REPO, some "unwanted" side effects can occur.
Best Regards,
Florian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.