Subject Re: [IB-Architect] Re: Some thoughts on IB and security
Author Bill Karwin
rfm@... wrote:
> Yeah. What I had in mind would only happen at authentication time,
> and could be as simple as saying that 'these OS groups correspond
> to the SQL roles of the same name' Or even 'all OS groups correspond
> to the SQL role of the same name'. My point being that it should not
> just be 'any user who can log onto the OS can use the database'

I want to repeat my opinion that OS groups should not correspond to SQL
roles. If we want a SQL mechanism to map to OS groups, then InterBase
could implement a groups concept (in fact it has it already, doesn't
it?). But SQL roles ain't it.

> OK. What I was trying to say is that 1) some people want encryption
> of all data that is sent over the wire, or of database files on disk,
> 2) Security plugins would >NOT< provide this.

Agreed. Can I suggest that we stop calling this plugin we've been
discussing a "security plugin"? An "authentication plugin" would be a
more accurate description.

The idea of an "encryption plugin" can also be discussed, but at least
we'll distinguish the features by using different terminology.

Bill Karwin