Revoke Public Execute Permissions on Module Routines

By default, public can execute the module functions such as ifx_replace_module, ifx_load_internal, and reload_module. This can allow attackers to force the Informix server to load arbitrary libraries and execute code as the Informix user. To help resolve this security hole, create a role called ModuleAccess and assign only those users that are required to load modules, as a strict business requirement, membership of this role. Then assign this role the execute permission on these routines and revoke the execute permission from public.