Subject | Re: [ib-support] Is this aproved ? |
---|---|
Author | Jason Wharton |
Post date | 2000-12-04T19:41:58Z |
> Since I didnt receive any answer from the IB gurus I had sent thisgurus
> message, I would like to know what you guy think about this :
>
>
> ---------------------------------------------
>
> I found a "solution" proposed by some people here in Brazil to "SOLVE" the
> problem regarding security problems in IB with the SYSDBA user. Following
> is a resume of what the guys proposed... I would like to hear from you
> if this is really a solution to the problem :Have you tested this out? I would be interested in knowing if it works and
>
> Steps :
>
> 1) GRANT ALL on RDB$RELATIONS to SYSDBA
> 2) REVOKE ALL on RDB$RELATIONS from SYSDBA
> 3) Remove the rights of SYSDBA to select, insert and update the
> RDB$RELATIONS table, after that remove the SYSDBA rights (UPDATE and
> INSERT) to the RDB$USER_PRIVILEGES table
> 4) Now you have a database that can be copied to any machine and no SYSDBA
> will have any access to the database info/data.
what the down sides of it are.
I presume you would want to create the database using an alternative OWNER
so that there would still be an avenue of administration. You might also
want to look at that as yet another thing that needs to be locked down too.
FWIW,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com