Subject | Re: [IBDI] Security Questions |
---|---|
Author | Doug Chamberlin |
Post date | 2000-07-03T13:08:56Z |
Here is one response, though not the official one...
At 7/3/00 06:04 AM (Monday), David wrote:
>1. The IB6 Beta SS for Linux includes a populated user list including:
>[snip]

This looks like an obvious oversight in the beta distribution process. I
have not heard it brought up before so I'm glad you did! The database
should be cleaned before distribution for sure.

>2. Any local (UNIX) user can potentially connect to the ISC4 database and
> read the encrypted password field:
>[snip]
> Would IB user authentication break severely if that field was
> not readable to regular users?

The IB security model requires that files on the server be secured from all
local and remote users who should not have direct access to them. In the
case of ISC4.GDB the only process which needs access is the server process
itself. (The normal use of this database is through the server as any GDB
file is used.)

>3. The ISC4 database is owned by "BUILDER" (with other references to "PUBLIC"
> in the priv's table); are these treated specially (or at least, within
> the ISC4 database) or would the existence of a UNIX-level user called
> "builder" (or "public" for that matter) suddenly open up the core IB
> security database (given that local users don't appear to have to
> authenticate themselves)?

This looks like another oversight in the distribution process. While I
believe previous versions had an ISC4.GDB owned by SYSDBA I'm not really sure.
However, read access is typically granted to this database for all IB users
(via PUBLIC) so changing the owner would not be to hide the data. It would
only be to prevent changes made.

There is an option to have the server process authenticate users using the
Unix authentication/privilege mechanism rather than through the server's
authentication via ISC4.GDB lookup. I have never used it so I cannot shed
any light on the subtleties.
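
A file-permission check for the point made in the reply that only the server process needs direct access to ISC4.GDB. This is an added example, not part of the original post; the file path and the server account name are supplied by the caller and are assumptions, since the post names neither.

```shell
#!/bin/sh
# Added example: audit that a security database file is reachable only by the
# account the database server runs as. FILE and EXPECTED_OWNER are assumptions
# supplied by the caller; the post does not state either.

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
# Owning user name of a path.
owner_of() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# audit_secdb FILE EXPECTED_OWNER
# Prints one finding per line. Returns 0 when clean, 1 on findings,
# 2 when FILE is not a regular file.
audit_secdb() {
    file=$1; want_owner=$2; findings=0
    [ -f "$file" ] || { echo "MISSING $file is not a regular file"; return 2; }

    owner=$(owner_of "$file")
    mode=$(mode_of "$file")
    dir=$(dirname "$file")
    dmode=$(mode_of "$dir")

    # The file should belong to the server account and nobody else.
    [ "$owner" = "$want_owner" ] || {
        echo "OWNER $file is owned by $owner, expected $want_owner"; findings=1; }

    # Any group/other bit lets local users open the file without going
    # through the server, which is the exposure raised in the thread.
    [ $(( 0$mode & 077 )) -eq 0 ] || {
        echo "MODE $file is $mode; group/other access should be removed"; findings=1; }

    # A directory writable by group/other can let other users swap the file.
    [ $(( 0$dmode & 022 )) -eq 0 ] || {
        echo "DIR $dir is $dmode; group/other can write to it"; findings=1; }

    return $findings
}
```

Run it as `audit_secdb <path to isc4.gdb> <server account>`; an empty output with exit status 0 means no local user other than the server account can read or replace the file directly.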