On Monday 22 January 2001 22:26, Jason Wharton wrote:

> I make a service that monitors a table of users in the database and when an
> insert or update is performed the service (running on the server) executes
> all the commands necessary to make the security reflect the changes made in
> this table.
>
> The benefits of this is I get to use the table level security of
> permissions, trigger checks, etc. to control the security settings. Most
> importantly, I don't have to embed the SYSDBA password into the EXE of the
> program in any format whatsoever. It stays in a service process running on
> the server only. Totally isolated and secure.
>
> I highly recommend people get in the habit of writing service applications.
> It is amazing all of the things they make much simpler...

Sounds like a nice way to do it but added installation issues and I'm looking
for a simple install with no servers or anything else to complicate it...

What I'm thinking of now is to just bypass the whole business. I'll add a
users table to my database and keep the SHA1 or MD5 password there. My
application will just always connect as sysdba and an internal password and
will then validate the user itself. There are just too many issues in this
area and its compounded by wanting to support more that one database and not
wanting to really change what works for other databases just for Interbase.

I would like to help solve some of these issues in Interbase since I think
its a wonderful product. Just needs some time for the community to get a
grip on the code and start moving it in the right direction!

--
Brad Pepers
brad@...