>>> Without it we can easily return to problems, when any user
>>> with valid FB login may execute any code in context of firebird server. For
>>> example, if any user would be able to create database (becoming it's owner)
>>>
>>
>> Here we have a real problem - we must define and check privileges for
>> CREATE DATABASE at engine instance level.
>>
>> My $0.02
>>
>>
>
> I don't understand this. Why is this necessary?

Alex gave the exact reason - without CREATE DATABASE privilege
any user might create its own database, register there any dangerous
external procedure and execute it.

> And how could it be
> implemented in the Firebird database model? Specifically, where would
> these permissions be defined and where would they be stored?

This is not easy question. But we must found an answer, i think. One of
possible ways is to define centralised per- engine instance security database.
I.e. such engine instance level privileges might be stored in common
security database.

Regards,
Vlad