Subject RE: [Firebird-Architect] User name SYSDBA
Author Leyne, Sean
Jim,

> Your security model is too weak and antiquated for web applications
> where a single application server services many classes of users. Your
> model says that all application server connections are alike and the
> responsibility for enforcing security belongs to the application
> programmer, not the database system. This makes for expensive, bad,
> insecure applications.

My security model is not too weak -- it is your mind that is too weak to
think laterally in this area.

The "problem" that you think exists is very simply addressed by the web
service authenticating a user using one connection (which has access to
only the security data) and then having all other accesses done by
having a new connection created. As such, the new connection would
be in the user's context and thus governed by their specific rights.

While someone could implement the model you describe, it is NOT the
model I have been describing, but you're too stuck on the "activating"
function to see what I'm talking about.


Sean