Subject RE: [ib-support] IB security
Author Rado Benc

> I feel security is a weak point in IB/FB armor (correct me if am
> wrong).

IMHO, yes.

> - Does IB/FB metadata (especially stored procedures code) have to be
> available to anyone who has access to the database? What if the database
> developer does not want the source code to be available?

You can remove the sources from the database:


Commit and see what happens. (Make sure you have the sources backed up prior
doing that - it is not that easy to get the sources from BLR :-) ).

> - The database data and metadata can be viewed by anybody having a backup
> copy of the database if that person has administrator rights on any IB/FB
> server.

Yes. However, if you remove procedure sources and then perform a backup and
restore, the procedure sources would not be re-created - as expected.
The only solution I know of is to avoid physical access to both databases
backups for "unauthorized" persons.

> - The password is 32 characters long, but only the first 8 are significant
> (though it is case sensitive).

Yes. I believe that IB / FB development would address this problem soon.

> - I am not sure about this point: can anybody who has physical
> access to the gdb file copy it to another computer where he has
> rights and log into the database?

Yes. As I wrote above - avoid it.

> Finally, what are the bugs plaguing stored procedures in IB/FB,
> and is there a fix soon?

As far as I know, both IB and FB are under "serious" development.