Subject Re: [IB-Architect] Journaling support?
Author Markus Kemper
> However, there are security holes which the database system can
> really help to close. For example, with any legitimate Interbase user
> account I can effectively crash my Interbase server by writing
> to a database until the disk fills up.

I believe that this 'crash' issue is resolved in 6.0 in that
we return an error when there is no disk space left on the
device. Actually, I've never seen this crash, but rather
hang the client.

> I can also create a new database any time I want

I would think that putting security on DDL would be a reasonable
enhancement. (e.g. GRANT WRITE ON CREATE DATABASE TO xxxx).

> since I already know the file path to an existing database
> and can create a new one which sits right next to it.

Are you using the BDE? If not, it should be pretty easy to hide
the file location from the end user.

> Then, as owner of that database, I can map external files to
> perform mischief.

You would have to have OS write access for the directory here.
And the IBServer process would need read/write access to the
external file location. Also, some metadata SQL security
could prevent the creation of external file objects in the
database.

Good points of weakness. Areas that I think could likely
be strengthened without major changes. Others would need
to confirm though, I am speculating.