>would you lock out SYSDBA as well? If yes, this is impossible
>(AFAIK SYSDBA connections can't and shouldn't be restricted).
>If not, it is flawed (replace isc4.gdb and voila le database à la
>carte).

That would be the general idea :)
But if it is impossible, then what can you do?!

>You should have said you were talking about the average person.
>Then we're not talking about security at all. Perhaps obfuscation.

As I stated earlier, a little security is better than none.

>No, the only way would be avoiding to let them get at the server
>machine, which includes the data *and* the way to decrypt it.

I quite agree :)

The fact that there apparently is no way of distributing a *.gds
file with SP's etc, in such a way that the SYSDBA doesn't get to
see the code will probably not be an advantage to FireBird.
Especially if Monty implements this into mySQL.

However, as the namesake of a great man stated earlier,
most users of Firebird perhaps don't have a need for security
or protection of SP's.

Josce