Skip to Content
avatar image
Former Member

Does there any concerns about set sqlscript_mode to unsecure?

We need create a stored procedure as design time object. one of the option is access mode (either read only or read/write). To make it read/write, I need to modify the parameter sqlscript_mode to UNSECURE. I am just wandering if there are any secure concerns on this change.

Thanks.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Mar 31, 2017 at 11:09 AM

    The setting steers "only" that repository procedures can be created with read/write mode. So you will not have any general security related concerns changing that setting.

    But of course you have to deal with the authorization requirements which comes up for the write access (are people actually allowed to execute DML operations or to execute dynamic code which is then also allowed). You have to think about that and maybe have to adjust your authorization setup.

    You should also consider DEFINER mode procedures which are executed with the technical _SYS_REPO user (spoken for XS Classic). If a user has the authorization to execute such a DEFINER mode (write) procedure, which is then running technically with user _SYS_REPO, some "unwanted" side effects can occur.

    Best Regards,
    Florian

    Add comment
    10|10000 characters needed characters exceeded