Subject Embedded, was Re: [Firebird-general] Re: The 2003 Members Choice Awards have begun
Author Helen Borrie
At 09:21 AM 18/11/2003 +0000, you wrote:
>Hi Helen
> > Embedded on Win32 doesn't use the security.fdb file *at all*. It
> > it. You need the embedded client, firebird.msg, the UDF and
>language dlls
> > and ib_util.dll. No Registry settings either.
>Does this mean that the embedded client ignores all grants in the
>database? This is a huge security hole.

Grants are nothing to do with the security database. However....

>Could you copy a protected
>database (with a sysdba role for example and various users with
>different access rights) to a machine with the embedded server and
>access all the tables?

...hat's a good question. There must be some kind of "default user"
implied in an embedded server connection. I don't quite see how you
*could* set up permissions in a database if there's no way for the embedded
server to tell which user is currently logged in.

As for "huge" security hole...doesn't this get back to the biggest security
hole of all - the one in the physical system design? If you don't want
someone to steal a database, don't put it where a thief can get it.