In response to a question here a little while ago I decided to work on a plugin for making parallel http requests. While doing that it occurred to me that it would be nice if there was a security realm for functions. Right now it’s an all or nothing proposition and there are some functions that you might not want to make available to all users. I was thinking of something like func:myDb\my-func-id and maybe overload the exec permission. (I know it has a somewhat different meaning when applied to a database)
I also thought that it might be nice if the currently running user was passed through to the password file so that you can have per user passwords. I was thinking something like the following for the password file
I don’t know how much trouble that would be with how virtual graph connections are handled but it would also be cool if the virtual graph user name and password could fall back and use the password file as well.
The colons in the jdbc url connection string are a bit problematic and the database would be ignored but hopefully you get the idea.
I’ve also decided to go to the trouble of packaging functions separately. There are very few, if any, dependencies so I figure a user should be able to only install the exact ones they want. It’s a little more work to do that but I figure it’s the right thing to do.