the logging done for su on unix systems. For example
[ip address] succesfully connected as sysdba
[ip address] gave an invalid password for sysdba

If there was a on-login event and if this parameter was passed to the handler then it could be nice option for DBAs who want to keep track of these things.

Many services (samba, apache, for example) let you limit who can
connect by network address/range. While this can in some situations
be defeated by address spoofing, it might be a good idea for IB.
For classic on linux (and presumably other unix you should already)
be able to do this with tcpd.

I think bloacking the post via ipchains from undesirable address is quick and pretty immune from spoofing. It's easy to implement and requires no recoding of the database. I say let the OS take care of denying a service.

On the topic of security enhancments, if you run IB as a web backend,

and run the ibserver on the same machine as the web server, it would
seem to be a good idea to use IPC and disable tcp/ip (both for security
and efficiency). Previously, this could be done with by using a local
interbase license.

I'm all for this if it improves speed.

----------------------------------------------

             Tim Uckun

      Mobile Intelligence Unit.

----------------------------------------------

   "There are some who call me TIM?"

----------------------------------------------