Subject Re: [ib-support] Re: Database protection
Author Nando Dessena

> you would create a PasswordTable in your database. If the
> server doesn't find a table "PasswordTable" it means that
> the database is not protected and everything would
> work as normally. If it finds one it will check the supplied
> username & password against the ones in the table to see
> if connection is allowed.

would you lock out SYSDBA as well?
If yes, this is impossible (AFAIK SYSDBA connections can't and shouldn't
be restricted).
If not, it is flawed (replace isc4.gdb and voila le database à la

> b) the average person would not be able to poke around in
> the supplied SP's.

You should have said you were talking about the average person. Then
we're not talking about security at all. Perhaps obfuscation.

> Since the src code is open sourced the only real way to
> protect it totally would be to use encryption.

No, the only way would be avoiding to let them get at the server
machine, which includes the data *and* the way to decrypt it.