| Subject | Re: [Firebird-Architect] Connect privilege |
|---|---|
| Author | Dmitry Yemanov |
| Post date | 2007-04-30T05:07:13Z |
Philippe Makowski wrote:
and so on.
privilege in the case of the database-level authentication (without a
security database)? If in the database itself, then should the engine
first perform an actual connection and only then check whether it was
allowed?
Dmitry
>It seems so :-)
> Did I missed something ?
> Any user define into security database can access at any database on the serverYes. He/she can also alter or drop generators/UDFs, modify system tables
> and can create object in the database
and so on.
> Can't we have a CONNECT and CREATE OBJECT privileges to avoid this ?We can, I suppose. But where would you suggest to store the CONNECT
privilege in the case of the database-level authentication (without a
security database)? If in the database itself, then should the engine
first perform an actual connection and only then check whether it was
allowed?
Dmitry