Skip to Content
0

Does there any concerns about set sqlscript_mode to unsecure?

Mar 30, 2017 at 08:58 PM

158

avatar image
Former Member

We need create a stored procedure as design time object. one of the option is access mode (either read only or read/write). To make it read/write, I need to modify the parameter sqlscript_mode to UNSECURE. I am just wandering if there are any secure concerns on this change.

Thanks.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Florian Pfeffer
Mar 31, 2017 at 11:09 AM
0

The setting steers "only" that repository procedures can be created with read/write mode. So you will not have any general security related concerns changing that setting.

But of course you have to deal with the authorization requirements which comes up for the write access (are people actually allowed to execute DML operations or to execute dynamic code which is then also allowed). You have to think about that and maybe have to adjust your authorization setup.

You should also consider DEFINER mode procedures which are executed with the technical _SYS_REPO user (spoken for XS Classic). If a user has the authorization to execute such a DEFINER mode (write) procedure, which is then running technically with user _SYS_REPO, some "unwanted" side effects can occur.

Best Regards,
Florian

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thanks Florian for your comments here. It's really help.

0