Subject Re: [IB-Architect] Re: Some thoughts on IB and security
Author Bill Karwin
---- Original Message -----
From: "Jason Wharton" <jwharton@...>
> >I support Jim's plan for plug-in modules that implement security. (In
> >fact, I proposed it myself as a future direction for InterBase a couple
> >of years ago.)
> Could this make it possible to hook into each OS's security interface?

Yes, that's the idea.

> I get
> heckled a lot by our WIN NT LAN administrator who thinks that the database
> security should be aware of the NT users and groups and be able to have
> permissions based on that.

This would be convenient for many situations. However, one could also argue
that there are situations in which you _don't_ want every user in your NT
Domain or NDS directory to implicitly have a login to the database.
Therefore it'd be good for integration with OS security to be an option, but
not mandatory.

> I'd like to see it designed such that looking at the ISC4.GDB is the
> behavior and that other plug-ins could be used to look elsewhere for their
> security credentials. Each OS could have its own plugin to hook into its
> security system.

Yes, that's the idea. Or even multiple plugins... for instance, in an
environment that supports multiple directory services.

> It would also be nice to have a certain amount of integration for ROLES
> GRANTS, etc. so that these things could also be controlled at the LAN
> administration level rather than separately at the DBA level.

ROLES in particular are defined by SQL. ROLES are groups of privileges, not
groups of users as we know them from OS security. I think we should leave
alone the implementation of ROLES, in order to conform to SQL.

That does not preclude us from adding another mechanism for groups, such
that a user who belongs to a group inherits all privileges assigned to that
group. I think this would be a good addition, one that users have been
asking for in InterBase for years. But this is not the same thing as SQL

> I'd also like to see something similar for database aliases.

Yeah, we discussed this some weeks ago. I'd like to see this too. It
doesn't necessarily affect the implementation of authentication. I suggest
that we discuss it in a different thread.

Bill Karwin